Over the past three decades, Congress has passed a patchwork of laws designed to protect, or invade, privacy. The results have been decidedly mixed, as the ongoing problems with lost or incorrect data and increased identity theft demonstrate.
Fair Credit Reporting Act
What it does: Allows consumers to view their credit reports and correct mistakes; limits access to consumer files to lenders, employers, landlords and anyone with a permissible business purpose.
What precipitated it: An avalanche of consumer complaints about inaccurate credit reports that had hindered their ability to obtain loans, buy a house, or even get a job, with no recourse to fix errors.
Comment: A notable first step to reining in the credit bureaus. Recent legislation improved on the FCRA by giving consumers the right to obtain one free credit report a year. But credit reports are still rife with errors, and the bureaus have been too lax about protecting files.
The Privacy Act
What it does: Requires federal agencies to inform people, at the time the agencies are collecting information about them, why this information is being collected and how it will be used; forbids agencies, without consent, from disclosing a person's records to anyone but that individual.
What precipitated it: Illegal surveillance of individuals, and surreptitious keeping of files by government agencies, exposed during the Watergate scandal.
Comment: The law has by and large curbed government privacy abuses and made agencies more transparent.
Electronic Communications Act
What it does: Attempts to extend to electronic communications, such as e-mail, the same protections from surveillance as oral and telephone-based communications.
What precipitated it: Fears that electronic communications were not covered by existing wiretap laws and, thus, could be accessed by authorities without judicial warrants or subpoenas.
Comment: A series of loopholes allow online services, ISPs and law enforcement to eavesdrop on electronic communications without first getting a court order.
Health Insurance Portability and Accountability Act (HIPAA)
What it does: Mandates that consumers have access to their own medical records; requires healthcare providers to notify consumers about their privacy practices; compels healthcare providers to design systems to protect medical records from unauthorized individuals.
What precipitated it: Concern that the advent of electronic files left patient records, which had no legal privacy protection, more vulnerable to being intercepted by unauthorized individuals.
Comment: Offers minimal privacy protection. Even with HIPAA, most patients feel powerless to question the data policies of their healthcare providers, thus giving the providers carte blanche to set up any procedures they choose. Meanwhile, private patient information can be used for marketing without consumer consent.
Financial Services Modernization Act (also known as Gramm-Leach-Bliley)
What it does: Calls for financial institutions to inform consumers about the information they collect about them, how it is used and how they can stop it from being sold; mandates that firms develop policies to prevent fraudulent access to data.
What precipitated it: An outbreak of identity theft, and worries that industry consolidation would encourage mega-financial firms to pass consumer files freely from one department to another.
Comment: To keep personal information from being sold to third parties or shared internally, consumers must opt out, a right they are generally unaware of and that is usually offered in the small print. In addition, financial services firms have generally been lax about implementing security systems and have failed to stem identity theft.
U.S.A. Patriot Act (full name is Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism)
What it does: Allows search of business and financial records, library history, bookstore purchases and the like pertaining to foreign intelligence suspects; permits eavesdropping on the Internet if an ISP agrees; authorizes the use of a single search warrant to snoop on a suspect's communications via land lines, mobile phone, the Web or any other means.
What precipitated it: Attacks of Sept. 11 exposed obstacles keeping law enforcement from investigating terrorism.
Comment: The bill has eliminated the walls that impeded law enforcement agencies from sharing information during terrorist investigations. Opponents believe it gives the government excessively wide-ranging rights to eavesdrop with little judicial oversight. So far, there have been no reported cases of privacy breaches as a result of the Patriot Act.