Protecting data from the profiteers

August 15, 2002|By Joseph R. Biden Jr.

WASHINGTON -- It seems like we can do very little these days without having basic facts of our lives exposed.

Purchase a CD, and the cashier asks for your phone number. Buy groceries at the supermarket, and the clerk wants your street address and ZIP code. Order a book over the Internet, and the vendor wants your date of birth. We give up this information, albeit reluctantly, because that's the price of doing business in the information age.

But what if you discovered that businesses did not use this personal data to verify your identity but, instead, sold it to others? Even worse, what if you learned businesses were collecting and dealing in your most personal, sensitive information -- your medical and financial records?

Many companies are doing just that because it's extremely profitable, and the penalties for getting caught are minimal or nonexistent. Far too often, unauthorized release of medical or financial records is devastating to victims.

How do we protect the privacy of medical and financial records? Through tougher penalties and real enforcement for the unauthorized release of personal information. We must protect our privacy from "information criminals" who sell our most intimate health information and financial records for a fast buck. But while nearly everyone understands why selling such information should result in severe penalties, existing laws may lack the teeth to stop these offenses.

For example, in 1996 Congress passed the Health Insurance Portability and Accountability Act to protect patients' medical records. It included penalties of up to 10 years in prison for the unauthorized release of medical records for commercial gain.

Yet, no criminal prosecutions can be brought until April 2003 because this administration's final privacy regulations, which likely will favor HMOs over patients, will not take effect until next year. Federal prosecutors are currently powerless to enforce this criminal provision.

The Clinton administration wisely proposed regulations that required HMOs to obtain a patient's consent prior to releasing medical records. Recently, the present administration turned that idea upside down and proposed a regulation allowing HMOs to release a patient's medical records unless the patient notifies them in writing not to do so.

In addition, current law includes only paltry civil fines, a mere $100 a day for violators. Moreover, a potentially enormous loophole allows third parties, such as drug companies, off the hook completely for criminal violations. Unless we get our priorities straight, the needs and concerns of consumers and patients will continue to be trivialized.

Likewise, federal protection of financial records is inadequate.

In 1999, Congress passed the Gramm-Leach-Bliley Act to protect consumers' financial records. Yet, the language did not require financial institutions to get their customers' consent before disclosing financial data to third parties. While companies are required to issue privacy policies to their customers, there are no criminal penalties for failing to do so, nor can aggrieved customers sue for privacy violations.

Thus, there may be a perverse incentive for companies not to issue privacy policies in the first place. In response to the U.S. Treasury Department's request for comment on the act, a coalition of 37 state attorneys general wrote that "current law does not adequately protect consumers' privacy."

Other federal laws appear similarly toothless.

For example, the Right to Financial Privacy Act, which protects financial records, contains no criminal penalties. The Children's Online Privacy Protection Act, which protects the personally identifiable information of minors, contains no criminal penalties. The Fair Credit Reporting Act, which protects consumer credit reports, has only a two-year maximum penalty for criminal violations. Something is seriously amiss when a car thief rightfully can get up to 10 years in prison for interstate auto theft, but a business that discloses medical or financial records can get off with a slap on the wrist.

It has been said that consumer information is like gold. Without the credible threat of criminal prosecution, those who harvest medical and financial information for profit will have little incentive to halt their lucrative crimes. The right to privacy, to be left alone from unwanted intrusion, is one of this country's most cherished traditions.

We owe it to every American to protect their most intimate personal data from unscrupulous profiteers. The sooner we act the better.

Joseph R. Biden Jr., a Democratic U.S. senator from Delaware, is chairman of the Senate Judiciary Subcommittee on Crime and Drugs.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.