New Privacy Protections Sought For Information Age
Attorney General Spitzer today announced a comprehensive plan to improve and expand privacy protections for all New Yorkers.
The plan is designed to give citizens greater control over the use of personal information, protect against unauthorized disclosures of confidential data and prevent crime, while at the same time encouraging technological development and expanding e-commerce in the state.
"New technology has brought extraordinary benefits to society, but it also has placed all of us in an electronic fishbowl in which our habits, tastes and activities are watched and recorded," Spitzer said. "Personal information thought to be confidential is routinely shared with others without our consent."
"Without taking the information out of the Information Age, we need to strengthen privacy protections and reclaim a fundamental American notion -- that the individual has a right to be left alone," he said.
At an Albany news conference, Spitzer chronicled specific ways in which personal privacy has been eroded in recent years. For example, financial institutions have sold confidential information about their customers -- including credit lines, account balances and other credit information -- to telemarketers. Commercial websites have obtained sensitive personal information from consumers and sold it to third parties without consent. And, so-called information brokers have collected information about individuals and families, and compiled elaborate computer profiles which are then made available for a price to employers, insurers and lenders.
In response to these and other problems, Spitzer announced an enforcement agenda focusing on companies and organizations that violate existing privacy laws or fail to conform the policies they claim to follow; a cooperative venture with the Business Council of New York designed to assist businesses in developing appropriate privacy policies; and a seven-part legislative agenda. The overall initiative was praised by representatives of leading public policy groups, privacy experts, and others. (See attached.)
As part of the enforcement agenda, Spitzer announced a settlement with Chase Manhattan Bank, which was sharing detailed account information of its credit card customers without adequately disclosing this fact to those customers. The bank was sharing a wide variety of personal financial information about its customers -- including credit line, account balances, and other credit information -- to third party marketers. The information was then used for telemarketing and direct mail solicitation of Chase customers. The bank received a commission on business transactions between the telemarketers and the customer. Under the settlement, Chase has agreed to stop sharing its customers’ personal financial information with third party marketers. Further, under the agreement, Chase can only share the name, address and telephone number of its customers if they are given an opportunity to "opt-out," and the third party marketer cannot identify any of the customer’s financial information. By entering into this agreement, Chase has agreed to restrictions on the sharing of personal information that go well beyond those contained in current law.
Spitzer also announced a separate settlement with a leading Internet company over the disclosure of personal identifying information. The company, InfoBeat, had promised its subscribers that confidential information would not be disclosed to third parties. Due to a programming error, however, certain advertisers had access to subscribers’ e-mail addresses during normal browsing activities. InfoBeat worked with the Attorney General’s office in addressing this situation and in enhancing security of their website.
The cooperative venture with the Business Council involves conducting a survey of New York companies’ privacy policies, analyzing that data for strengths and weaknesses, and encouraging businesses to adopt sound privacy policies.
Spitzer praised the leadership of the Business Council for recognizing that e-commerce will flourish only when consumers have confidence that Internet transactions are secure and confidential. "To the greatest extent possible, we want to achieve our privacy protection goals through the voluntary compliance of companies. The Business Council’s involvement in this project will help ensure that is the case," Spitzer said.
The legislative package includes the following:
- Preventing banks and credit unions from disclosing personal financial and detailed transaction information without the express prior written consent of the customer;
- Restricting the ability of information brokers to sell profiles of individuals developed through the analysis of personal data collected from many different sources;
- Authorizing consumers to prevent commercial telemarketers from calling and faxing them at home through a new "opt-out" program;
- Permitting consumers to gain access to a free copy of their credit reports and increasing penalties for unauthorized disclosures of credit reports and other violations of the Fair Credit Reporting Act;
- Prohibiting companies from selling personal identifying information obtained from Internet users;
- Giving Internet users a right to stop repeated unsolicited e-mails from on-line marketers; and,
- Making "identity theft" a separate crime and ensuring that appropriate penalties can be imposed and that victims can be compensated.
For Adobe PDF files you can download Adobe Reader from Adobe Systems.