Search This Blog

Tuesday, August 02, 2005

The Brits are Whipping Us in the Protection of Personal Data and Identity Theft

The Data Protection Act (DPA) of the United Kingdom, passed in 1998, seeks to strike a balance between the rights of individuals and the sometimes competing interests of business. That’s a good idea for the U.S., even after it has become obvious that American companies like LexisNexis, ChoicePoint, Bank of America, (and the list goes on and on) have done a lousy job of protecting our personal data.

The UK DPA fact sheet goes on to say that…”Anyone processing personal information must notify the Information Commissioner’s Office (ICO) that they are doing so, unless their processing is exempt.” In this case the Brits have taken control over consumers’ names and personal data with the requirement that business must inform the ICO of their use. Yes, there are exemptions, but this is the “balance” mentioned in paragraph one that we must achieve.

If you really want to dig deeper, go to the UK Data Protection Act 1998 for the complete version, which is far better than what we have—which is almost nothing—but still doesn’t go far enough. And no, I won’t be satisfied until every American consumer has 100% control over their name and personal data and is compensated for its use.

U.S. Senate Bill 1408, sponsored by Gordon H. Smith of Oregon, appears to be a lame, Republican attempt to appease the electorate, while leaving the responsibility for safeguarding our private information with the very companies that have proved they can’t do it. Even two prominent Democrats are co-sponsors of the bill: Senators Hillary Rodham Clinton of New York, and Bill Nelson of Florida.

The bill—whose description states it is supposed to strengthen data protection and safeguards, require data breach notification, and further prevent identity theft—talks about restraining the sale of Social Security numbers. What possible difference could that make when it would take me no more than around $50 and five minutes to get one on the Internet? They are already available everywhere and you will never stop the black-market trade in such a valuable means to achieving identity theft. The only answer is a unique ID with an opt-in only for the use of our name and personal data.

So where is Senate Bill 1408, the Identity Theft Protection Act, going? Probably nowhere, unless there is an outcry from the American people for Congress to get off their butt and do something. It was last worked on July 28, Congress is now going into its August recess, and who knows what will happen in September? With this kind of Congressional apathy, the timing for my grass-roots movement to give consumers 100% control over their name and personal data couldn’t be better.

I ran into another very interesting site from the UK. Deavonshire Marketing’s Vanessa Land is writing on the protection of our name and personal data and the identity theft problem. Her article, “Growing Concern Over Identity Cloning, Theft and Fraud Is Forcing Companies To Take Greater Precautions To Safeguard Consumer Privacy” is a must read. She quotes Graham Sadd, CEO, PAOGA Ltd., personal records management specialists, as confirming what we all know: the fact that consumers are very concerned over identity theft.

Sadd makes another significant statement: “Data loss and identity theft doesn’t just happen at the individual level. Unscrupulous criminals are also targeting groups.” Precisely why the individual should have 100% control and be the only one with the data button. He goes on in the article to cover important topics that should catapult any lawmaking body that is supposed to protect its constituency into reality and action.

Topics like the fact that we don’t have a clue as to where all this private information is, therefore, how can we expect anyone other than ourselves to control it? Considering all the data output forced on the consumer each year, both required and willingly given, government and private, think of the number of new databases being created annually. And then Graham Sadd wraps it all up in the neatest bundle. Based on his theory that legal responsibility for a person’s data should be returned to the individual, you create a Personal Data Vault to secure this information. He does it at PAOGA using the vast resources of the Internet.

I have to tell you that I am blown away by this whole concept because it is exactly what I have been proposing for the last ten years, except for one clarification. With the number of scam artists in this country, legal ownership is probably not advised. The answer is federal legislation to give consumers 100% control. Otherwise, Mr. Sadd has the whole program in place and the U.S. junk mail industry and members of Congress should take note and get more information, which is exactly what I am going to do.

More on PAOGA and this exciting issue in my next post.

No comments: