Responding to increased public concerns about privacy issues, the National Association of Attorneys General released a set of fairly strong guidelines Friday (3/16) urging the adoption of laws that would force commercial interests to actively seek permission from people before selling or trading their personal information.
Although the chief law enforcement officers stopped short of recommending any specific legislation at the state or federal level, they agreed on a number of "principles" that ought to be applied as lawmakers wrestle with such problems as identity theft and telemarketing fraud schemes. Consumers, they said in a statement issued at their spring conference in Washington, D.C., ought to have ultimate control over how, when and to whom their personal financial, medical and other information is distributed.
"More and more Americans are finding that their Social Security numbers, bank and credit card balances, buying habits, and other personal information are being gathered, sorted, bought, sold, and used by businesses unknown to the consumer," the attorneys general said. Consumers, they added, "are frightened that the information will be used against them."
The NAAG membership went on to list seven general principles in a report on privacy concerns they suggested should be used in deciding whether to enact new regulations dealing with both the "online" and "offline" use of personal information.
The list included a recommendation that companies, particularly those dealing with financial data, seek the "affirmative consent" of clients prior to the disclosure or secondary use of any information, even among affiliated companies. The NAAG "opt-in" approach, as it's called, to strengthening privacy laws goes much further than current federal statues, which do not require companies to notify consumers that information they supplied is being sold, shared or used for some other purpose."Notice must be given both before collection of information and prior to any material change in information practices," the NAAG report stressed. "In addition, if there are consequences to an individual who exercises a choice not to allow sharing or use for secondary purposes, a business should describe those consequences in its privacy notice."
The NAAG membership also recommended that company privacy policies be made clear and easy for consumers to find in written or online materials, which would help resolve any later disputes over what was "hidden in dense, fine print."
In addition, the attorneys general said consumers should be given "reasonable access" to personally identifiable information and allowed to correct, amend or delete inaccuracies. They also called for companies to take stronger steps to secure data in order to prevent leaks or theft. At the same time, they urged state and federal authorities to do a better job of working together to curb the misuse of personal information.
It's not clear what impact, if any, the NAAG recommendations will have on the privacy debate. Lawmakers in at least thirty states attempted last year to strengthen privacy laws by using many of the suggestions outlined in this year's NAAG report. Most of those attempts failed, and most have already failed again this year.
But seven states -- Alaska, Florida, Illinois, Maine, Maryland, North Dakota and Vermont -- have adopted reasonably strong laws governing the control of personal financial, medical and other information.