Providence Journal-Bulletin (Rhode Island)
Outrageous as it seems, it is perfectly legal in the United States for private companies to sell your Social Security number to an interested party. They can sell your name and address, too. And they can do it even if you don’t want them to.
Thus a California organization, the Foundation for Taxpayer and Consumer Rights, recently bought Massachusetts Governor Romney’s Social Security number. Before that, it bought the Social Security numbers and home addresses of U.S. Atty. Gen. John Ashcroft and CIA Director George Tenet.
Yet not only is little being done to strengthen Americans’ control over their personal information. The Senate is on the verge of passing legislation, already approved by the House, that would keep regulation weak, and bar state governments from enacting stronger protections.
At issue is reauthorizing the Fair Credit Reporting Act. As written, it would let companies continue sharing a person’s data with hundreds of “affiliates.” Few of these companies use the encryption technology that might keep this data secure. The explosion of identity theft cases in recent years is almost certainly linked to this bonanza of data sharing, made legal by the federal Gramm-Leach-Bliley Act of 1999.
Along with financial institutions, the credit-bureau industry has enormous power over how personal data is distributed and “protected.” Yet serious regulation that would make it more responsible in how it trades in and profits from Americans’ information is not even being contemplated. Last month, Equifax, one of the three major credit-reporting agencies, threw a fund-raiser for Republican Sen. Robert Bennett of Utah, who helped advance changes to FCRA that would tamp down pesky requests for copies of consumers’ reports. (Getting a copy of one’s credit report is a vital step in tackling identity theft.)
Jamie Court, a spokesman for the Foundation for Taxpayer and Consumer Rights, says that the average American can safely assume that tens of thousands of companies now hold copies of his or her personal data. A federal “opt-out” rule that lets Americans request that their information not be shared is little more than a sham, because it does not prevent sharing by affiliates.
This summer, California passed a law that limits data-sharing by affiliates. But if Congress passes the reauthorized FCRA, it will preempt tougher state laws such as California’s. Limiting the sharing of information is just a start. And yet Congress seems disinclined to take even this simplest of steps in the public interest. It is therefore imperative that states be allowed to write their own laws respecting financial privacy. An amendment to FCRA proposed by Sen. Dianne Feinstein (D.-Calif.) would preserve that right, and should be passed.