Conflict of Interest at the FTC?
Charles Carreon
Given that the FTC is a consumer-protection agency, we might expect it to be more aggressive in requiring the CRAs and other customer data handlers to plug security leaks. You might expect to see an enforcement action directed at shutting down access to customer data and credit information to companies that allow information to “get loose,” causing consumers to suffer the theft of their identities. Instead, the FTC has adopted a “Safeguards Rule” for financial institutions, which is a good rule that we discuss below, as far as it goes. Which is not far enough. By this late date, the FTC shold have crafted tougher rules that would require banks to do more than add a fine-print envelope stuffer describing “privacy policies” and a toll free number to opt out. A helpful rule to stem the rising tide of misused customer data would outlaw the unnecessary sharing and sale of customer data. Instead of an opt-out plan, it would allow an opt-in plan, under which customers are presumed to have asserted the right to forbid data sharing unless they voluntarily waive the right. Why is the FTC not closing this “backdoor” into your customer and financial data?
Private industry currently operates under less restriction than the federal government to exploit the information you provide. The federal government has embarked upon the program of “total information awareness” and recently created a “Directorate of Information” under the Homeland Security Act. A look at your credit card billing during the last year would provide police and intelligence agencies enough information to reconstruct your activities in detail and compare your movements and activities with a terrorist profile. When you combine this information with what is available to the FBI through its online criminal history and fingerprint database, (a system that has its own tendency to generate errors) you can see that “total information awareness” is far from a pipe dream. The FTC may have a conflict of interest when it comes to helping us preserve our privacy. To the extent you want to have any financial privacy at all, the first step is to read your bank's privacy policy, and be sure you assert your rights to the maximum. The next is to vote for representatives who will put consumer control over commercial data back in our hands from the start, rather than defaulting to the interests of those who will profit from making privacy a thing of the past.
Given that the FTC is a consumer-protection agency, we might expect it to be more aggressive in requiring the CRAs and other customer data handlers to plug security leaks. You might expect to see an enforcement action directed at shutting down access to customer data and credit information to companies that allow information to “get loose,” causing consumers to suffer the theft of their identities. Instead, the FTC has adopted a “Safeguards Rule” for financial institutions, which is a good rule that we discuss below, as far as it goes. Which is not far enough. By this late date, the FTC shold have crafted tougher rules that would require banks to do more than add a fine-print envelope stuffer describing “privacy policies” and a toll free number to opt out. A helpful rule to stem the rising tide of misused customer data would outlaw the unnecessary sharing and sale of customer data. Instead of an opt-out plan, it would allow an opt-in plan, under which customers are presumed to have asserted the right to forbid data sharing unless they voluntarily waive the right. Why is the FTC not closing this “backdoor” into your customer and financial data?
Private industry currently operates under less restriction than the federal government to exploit the information you provide. The federal government has embarked upon the program of “total information awareness” and recently created a “Directorate of Information” under the Homeland Security Act. A look at your credit card billing during the last year would provide police and intelligence agencies enough information to reconstruct your activities in detail and compare your movements and activities with a terrorist profile. When you combine this information with what is available to the FBI through its online criminal history and fingerprint database, (a system that has its own tendency to generate errors) you can see that “total information awareness” is far from a pipe dream. The FTC may have a conflict of interest when it comes to helping us preserve our privacy. To the extent you want to have any financial privacy at all, the first step is to read your bank's privacy policy, and be sure you assert your rights to the maximum. The next is to vote for representatives who will put consumer control over commercial data back in our hands from the start, rather than defaulting to the interests of those who will profit from making privacy a thing of the past.