|
|
|
|
|
| Second Annual Report of the Privacy Rights Clearinghouse EXECUTIVE SUMMARY January 1995 (Contact the Privacy Rights Clearinghouse if you wish to receive the complete version of the Second Annual Report, 68 pages, in paper copy. Public awareness of the threats to personal privacy has continued to grow during the past year. Media reports on privacy are now becoming commonplace. Polls indicate that the number of Americans who are concerned about privacy is at an all-time high. The 1994 Equifax-Louis Harris national survey finds 84% of the public concerned about privacy threats, with 51% of these "very concerned." (NOTE: Alan F. Westin, "Fact Sheet: Selected Findings from a 1994 National Opinion Survey on Privacy...", distributed at the Privacy and American Business national conference, Oct. 4-5, 1994, Washington, D.C.) During its second year of operation, the Privacy Rights Clearinghouse (PRC) expanded and refined its services. It continued to take calls from California consumers on its toll-free hotline, answer their questions, and offer advice and referrals regarding their privacy-related complaints. With this report, the PRC continues the practice, begun in its first year, of analyzing the content of consumers' calls to the hotline and reporting on them. The PRC--was funded in 1992 by the Telecommunications Education Trust (TET), a program of the California Public Utilities Commission. The hotline officially became operational in October of that year. As the first consumer education program in the United States to focus solely on personal privacy protection, the PRC was an experiment. Its success was immediately apparent. In the first three months of operation, the PRC hotline received over 5,000 calls. By the end of the first year, over 11,000 calls had been logged. It was obvious from the start that the PRC was filling a need. Consumers who responded to an evaluation distributed to a random sample of hotline callers gave the service high marks. They praised both the quality of information provided by staff via hotline calls, as well as the value of the fact sheets which were developed by the PRC. (NOTE: For more information about the program's first year of operation, see: First Annual Report of the Privacy Rights Clearinghouse (Jan. 1994).) Given the success of its first year, TET funded the program for an additional 20 months, from July 1993 through February 1995. The PRC budget was supplemented during the second year by an award from a class action settlement against the retailer Miller's Outpost, discussed further in section C below. This report covers the period of time from October 1993 through September 1994, the second full year of hotline operation. While the overall number of calls to the hotline dropped during its second year, the PRC increased the number of fact sheets distributed to consumers. The PRC staff fielded 6,114 calls from California consumers, compared with 11,400 during its first year. Despite the 45% reduction in calls, the distribution of facts sheets rose by 25%, due in large part to more outreach to community-based organizations in California. By the end of its second year, 17,516 consumers called the PRC hotline for information and for assistance regarding complaints. The PRC developed an additional six fact sheets during its second year. It now offers 16 fact sheets to consumers, available in English and Spanish. New topics are government records, responsible information-handling practices, stalking prevention tips, what to do if your wallet is stolen, employment background checks, and merchant information-gathering restrictions. These join the project's standard-bearers on credit reports, unwanted mail, telemarketing sales calls, and Social Security numbers, as well as medical records privacy, workplace monitoring, wiretapping, wireless phones and harassing phone calls. The PRC expanded its presence on the Internet this year. In May 1994 we made fact sheets, legislative analyses, a privacy bibliography and various issue papers available on USD's Internet gopher site. (We discontinued using the computer bulletin board system, finding it to be user-unfriendly.) This year the PRC was also given its own home page on the World-Wide Web by the ManyMedia company. During year two, the PRC markedly increased its participation in policy forums in which we brought privacy issues to the attention of government and industry leaders on the local, state and national levels. We also participated in a number of conferences and workshops where we made decisionmakers, consumer advocates, staff members of social service agencies, and industry representatives aware of our program's findings and observations. In all, we participated in nearly 30 such policy proceedings and conferences. These included: hearings for the Clinton Administration's National Information Infrastructure (NII) initiative; an intelligent vehicle-highway system forum; several presentations on fraud issues to seniors groups; and participation in the Mayor of San Diego's "City of the Future" task force. The number one topic on the hotline during our second year was unwanted mail, the complaint of nearly one third of hotline callers. General privacy concerns ("send me all of your fact sheets") was second. Credit-related calls placed third, followed by medical records and telemarketing sales calls. These five topics accounted for 85% of the calls to the hotline. These issues were also the top-ranking concerns during the PRC's first year, although not in the same order. Last year, credit-related calls topped the list. It is worth noting that the majority of credit-related calls in both years were marketing related. Callers were responding to news stories about new California laws that enable consumers to opt out of the use of their credit-related profiles for marketing purposes. Hotline statistics tell only part of the story regarding the privacy-related concerns of consumers. By talking directly and in depth with the individuals who call the hotline, the PRC has a unique perspective on the types of privacy threats consumers face. Our analysis of specific callers' experiences forms the heart of the report. Case studies are appended to this Executive Summary. The reader is advised to read the full report for our analysis of the case studies. We offer the following observations about the nature of informational privacy abuses experienced by consumers and their reactions to them:
Based on our experience in responding to consumers' privacy questions and concerns, we offer the following recommendations regarding initiatives that can be taken in both the public and private sectors to strengthen privacy protection. Recommendation one: disclosure and consent opportunities. Information technologies allow personal information to be gathered and disseminated in ways that are for all practical purposes invisible to consumers. It is incumbent upon the entities which compile and use personal information to pull back the curtains and make their usage visible to consumers. We therefore repeat the call, recommended in the PRC's First Annual Report, for improved opt-out opportunities. Consumers should be told at the time their personal information is first gathered how that information will be used by others and how they can opt out of such uses. Such reporting would remove a great deal of the ambiguity that surrounds the compilation and use of personal information. Recommendation two: privacy audits and impact statements. The need to analyze the impact of information technologies on consumers' privacy is a necessary counterpart to offering disclosure and consent opportunities, especially given the extraordinarily rapid development of the so-called "information superhighway." It is apparent, for example, that the growing crime of identity theft is a result of all-too-easy access to personal information. If all of the implications of our fluid credit economy had been explored as it was being developed, we perhaps would have seen the implementation of more effective means of verifying the authenticity of personal documentation. Recommendation three: addressing solutions to identity theft. The PRC has observed an alarming increase of identity theft calls to the hotline this year. Criminals obtain credit card account information, Social Security numbers, driver's license numbers and other identifiers in order to impersonate their victims. Using someone else's identity, they spend as much money as they can in as short a time as possible before moving on to someone else's name and account information. The PRC sees the need for a concerted societywide effort to find and enact solutions to identity theft. Recommendation four: training in personal information handling, including fraud awareness. The PRC's First Annual Report highlighted the need for "information sensitivity training" for all persons who handle personal information in the workplace, whether in the public, private or not-for-profit sectors. During year two, the PRC developed fact sheet number 12, "Checklist of Responsible Information-Handling Practices," to assist in that process. We continue to observe that errors and carelessness are the cause of many of the privacy abuses reported to the hotline. Inadequate security is also a factor. This year we became more aware of the role these factors play in the growing crime of identity theft. We therefore add fraud awareness to our call for societywide workplace training in information handling. The PRC will continue to develop materials and services to support this effort. The final two recommendations address the future development of the PRC. Recommendation five: diversifying and stabilizing the PRC's funding sources. The PRC is in its final year of receiving funding from a relatively stable source, the Telecommunications Education Trust. Given the valuable role which we believe the PRC to be playing, we recognize the importance of obtaining funding from a number of sources, including the possibility of generating revenue from services and products. Recommendation six: diversifying the PRC's outreach. Our own random sample evaluation of PRC services shows the need to broaden our outreach to racial and ethnic minorities in California. We realize the importance of direct outreach to community-based organizations which provide services to such groups, and therefore must step up our fundraising efforts to support adequate staff and travel budgets for this effort. Relying solely on media channels to alert the full spectrum of Californians to the PRC's toll-free hotline is not sufficient. We must also visit community-based organizations and inform their staff members of the PRC's services and messages so they in turn can inform members of their communities. The Privacy Rights Clearinghouse is facing the end of its main source of funding, the Telecommunications Education Trust, and is seeking new sources of funds in a very competitive environment. The act of contemplating our possible institutional mortality as we apply for grants has allowed us to focus on the uniqueness of the program as well as its value to consumers and decisionmakers alike.
At this time, the PRC is not encouraged that privacy will be adequately safeguarded on the information superhighway, whatever shape it ultimately takes. Although the Annual Report notes several promising industry initiatives, the PRC does not yet see significant evidence that their self-regulatory acions are effective. When the relatively straightforward process of allowing consumers to say "yes" or "no" to having their names included on marketers' mailing lists cannot be accomplished, we are not encouraged that more serious privacy concerns such as medical history confidentiality can adequately be safeguarded in an increasingly electronic environment. There is obviously much work to be done by consumer advocates, civil libertarians and officials in industry and government. And there is an obvious role for organizations like the Privacy Rights Clearinghouse to play in shining the spotlight on privacy-abusive practices in both the private and public sectors. CASE STUDIES FROM THE HOTLINE The following cases illustrate the variety of situations experienced by California consumers who have called the PRC hotline for assistance. These cases are discussed in more depth in the Second Annual Report. INVISIBLE INFORMATION GATHERING Case 1. Credit card usage and reverse appending Jed and his wife have reduced the volume of junk mail that comes to their home to a mere trickle. For several years they have diligently notified mail order companies and other direct marketers of their desire to be removed from mailing lists. Jed was shocked when, out of the blue, he started receiving the catalog of Eddie Bauer, a mail order company that sells outdoors products. Although he and his wife shop at the company's retail outlets, they do not order by mail. Jed wondered how they could possibly be receiving the catalog. (NOTE: Names and locations are changed to protect the privacy of hotline callers. However, organization names are not changed.) After much detective work, Jed discovered a little known procedure called "reverse appending." The last time his wife shopped at that particular store, she paid with a credit card. Unknown to Jed's wife, and even to the store clerk, the store was capturing credit account numbers from the magnetic stripe on the backs of credit cards and transmitting them to one of the large credit reporting companies. That company, Trans Union, then determines the name and address of the holder of the credit card numbers and gives that information back to Eddie Bauer. This process is called "reverse appending." The outdoor company then determines which of those credit card users are not already on their mailing list and sends catalogs to them. Jed was able to obtain a letter from the Eddie Bauer company admitting that it uses the process of reverse appending. The company apologized to Jed and said it would not send any more catalogs to him. Case 2. Digitized signatures on credit transactions The hotline received several calls this year from people who did not like having to sign their names on a device called an electronic signature pad when paying by credit card. They wondered if their signature could be accessed later by unscrupulous employees or hackers. In virtually every case, the clerk at the point-of-sale terminal was unable to explain why the store was using the electronic signature pad and had no information for customers on whether or not safeguards had been put in place to limit access to the digitized signatures. One hotline caller reported that a pet store had attempted to collect his signature surreptitiously by placing the credit card form over the pad without telling him that he was writing on an electronic device. JUNK MAIL: THE NUMBER ONE HOTLINE TOPIC Case 3. Mail inappropriately targeted Kevin receives at least two mail solicitations a week from Secure Horizons, a medical plan for senior citizens. He is 35 years old. Even though he has repeatedly requested to be taken off its mailing list, the company has not complied. Case 4. Unwanted gay-themed mail Bob has been receiving gay-themed junk mail and does not know how he got on these mailing lists because he is not gay. He received the catalog Shocking Gray and an advertisement from the long distance company AT&T. Bob asked the PRC how to get his name taken off such lists. We suggested that Bob contact each company that mailed him the ads and ask where they obtained their lists; with that information, he can contact the organization which originated the list and/or the company which rents the lists and request to have his name removed. (NOTE: Since this call was made, the PRC has learned the name of the major gay/lesbian list marketer and is able to give that information to callers with similar experiences. That company is Strubco, Inc., located in New York City.) Case 5. Advertising mail to the deceased Jean's elderly mother, who had lived with her for several years, died six years ago. Jean still receives advertisements for hearing aids from Beltone addressed to her mother. Even though she has contacted the company many times during the past six years and has asked that it remove her deceased mother's name from its mailing list, Beltone continues to mail the ads to her address. Case 6. Unwanted mail that hurts Margaret was pregnant and ordered a catalog for maternity clothes. She then had a miscarriage. Two years have passed and she still gets baby-related catalogs and other mail solicitations, even though she has notified several of the mailers that she no longer wants to receive such mail. Cases 7-10. Mail solicitations to the vulnerable
Case 11. Unwanted catalog mail Mary has a sister-in-law who is mentally retarded and keeps ordering merchandise that she does not need from the mail order company Fingerhut. The family can't afford to pay for the items she orders. They have contacted the mail order company on numerous occasions, requesting that the orders be disregarded and that no more catalogs be sent. The company has disregarded Mary's repeated requests. We suggested she contact the Direct Marketing Association, since the mail order company is one of its members. Case 12. Unwanted political mail Evelyn has worked hard to eliminate junk mail. Since 1992 she has written over 2,000 letters to get her name off mailing lists. She has kept a log of her correspondence. Her worst junk mail offender is the Republican National Committee. She has written them 18 times and still keeps getting mail. THE GROWING PROBLEM OF IDENTITY THEFT Cases 13 and 14. Identity theft and reluctant authorities
Case 15. A victim takes charge John was the victim of identity theft as a result of filling out an automobile loan application. An employee of the auto dealership used information from the loan application to open several credit card accounts. He even leased an apartment in John's name. John thinks the imposter called John's home several times to listen to his telephone answering machine in order to copy his speech patterns. John had difficulty getting the police department to take an interest in his case. He finally hired a private investigator who had once worked for the police department. The PI not only was able to uncover information about the imposter, he convinced an acquaintance in the police department to take on the case. The imposter has since been arrested. Case 16. Identity theft that led to job loss Belinda's ex-roommate Nancy fraudulently obtained a driver's license under Belinda's name. When Belinda contacted the Department of Motor Vehicles about it, they told her not to worry. Soon thereafter Belinda got a new job. After one month on the job, she was fired. Her employer learned that Belinda had committed a felony, even though it was her ex-roommate Nancy who had committed the crime while in possession of Belinda's driver's license. Belinda called the DMV again and was told they would not be able to "flag" her driver's license record. The PRC called the DMV on her behalf and found someone who would help Belinda. Case 17. Identity theft and bad checks Junior's check was refused by the supermarket where he shops. The clerk verified the check with the Telecheck service and found that Junior's driver's license number had been associated with bad checks. The supermarket clerk gave Telecheck's 800 number to Junior, and he called to learn what could be done about the situation. Telecheck said the bad check writer was using an entirely different name from Junior's, and in fact was a woman. They said they would separate the records so Junior would not have additional problems cashing checks. Junior wanted to report the crime to the police and asked for the name of the imposter. Telecheck refused to supply that information, telling Junior that they would give it directly to the police, but not to him. But when Junior went to the police department to ask their help, he was told they would not write a police report. Case 18. Identity theft with the DMV's assistance Glenda (her real name) found out that someone else was using her driver's license number when her local supermarket refused to honor her check. Through her own extensive research, she learned that not only was the imposter using her driver's license number, she had ordered a new driver's license from the DMV under Glenda's name. The imposter succeeded in having the photograph, address, height and weight changed on the license. Despite the extent of the changes requested, the DMV did not question the imposter's reason for making those alterations. Glenda thinks the imposter was able to retrieve Glenda's credit report from an automobile dealership, because the imposter went on to charge thousands of dollars on Glenda's credit card accounts. The imposter also opened a bank account in Glenda's name and wrote many bad checks. (NOTE: Glenda has taken her case to the media and has allowed her real name to be used.) In the meantime, Glenda attempted to have her driver's license number changed and to have a new license issued to her. The DMV told her that no changes would be made unless she could provide a police report. Because the imposter was using Glenda's driver's license in several municipalities in the Los Angeles area, Glenda took time off work--a week total--and traveled from police station to police station in order to obtain the necessary police statements. She was turned down by all but one. With a police report in hand, she was able to convince the DMV to issue her an interim driver's license. Unfortunately, it could only be used for driving, not for identification. The DMV told her that a new license could not be issued until an investigation was conducted. Glenda was not willing to wait any longer. She contacted her state senator and complained about the DMV's handling of her case. Shortly thereafter, she was issued a new driver's license, complete with new driver's license number. SOCIAL SECURITY NUMBER ABUSES Cases 19-24. Social Security number abuses
IRRESPONSIBLE INFORMATION HANDLING Case 25. A credit report sent to the wrong person Charles ordered a copy of his credit report and was shocked to find a woman's report included in the envelope that contained his report. To make matters worse, the stranger's report had a "security alert" attached to it. Charles called the credit bureau to report the error and was told they thought the woman was his wife, even though she had a different last name. Case 26. Institutionalized irresponsibility--hotels have your number George and his wife were on a long driving trip through California. Near nightfall, George used his carphone to call a hotel nearby where they often stay when they are traveling, the Apple Farm Inn. He made a reservation for the evening. The hotel clerk asked if he wanted to charge it on his Mastercard. As George was about to tell the clerk his account number, the clerk said, "Oh, don't bother, we have it right here in our computer." George was appalled that this information was readily available to all the hotel employees, just because he happens to stay at that hotel from time to time. He is concerned about security. What happens when this information gets into the hands of an unscrupulous employee? George spoke to the manager when he arrived at the hotel and suggested that collection of this type of information is a violation of the California law that prohibits retailers from recording personal information when the customer pays by credit card. George has since called several other hotels where he has stayed. He learned that all of them maintain databases of repeat customers containing name, address, driver's license number and credit card number. Case 27. Dubious advice from a bank Sandra called to tell us that her bank sent her a card with instructions to fill it out with all her account numbers listed on it, and then keep it in her wallet. The bank advised that this procedure is supposed to help its customers keep their account information handy. Sandra rightfully pointed out what a bad idea that is. The "handy" wallet card would also make account information available to anyone who might steal or find her wallet. TELEMARKETING: A LAW HELPS CONSUMERS Cases 28-31. Telemarketers who wouldn't quit
WIRELESS WOES Case 32. Cordless phone eavesdropping A couple who live in an apartment building learned that the apartment manager and her son had eavesdropped on many of their cordless telephone calls with a radio scanner. They hired an attorney to sue the manager for invasion of privacy. The attorney contacted the PRC for information to support the case. ACCESS TO PUBLIC RECORDS Case 33. Public records and dirty tricks Dick, who was recently divorced, was dating Helen, who had also been divorced. Helen's ex-husband looked up Dick's divorce file at the courthouse and got information about his contractor's license, also public record. The ex-husband called Helen's attorney to tell him that Dick was hiding assets, an allegation that was not true. Dick was worried that Helen's ex-husband might also get access to his credit report and called to find out how he could prevent this from happening. THE SENSITIVITY OF MEDICAL RECORDS Case 34. Erroneous medical information that won't go away Eduardo is attempting to get health insurance but his doctor has placed erroneous information on his record stating that he is a major medical risk. Blue Cross said it is willing to insure him if indeed the information is erroneous, but only if he gets expensive medical tests first. Eduardo is in a "Catch-22" situation because, without insurance, he cannot afford the tests. Case 35. The company wants to know it all The company Bob works for asked all employees for medical histories dating all the way back to birth, including information on their spouses. The employees challenged the request and the company backed down. Bob is concerned that the company will attempt to collect this information some time again. The company pays 80% of employees' premiums. The PRC informed Bob that California law allows employers who pay for employees' medical coverage to have access to medical information only to the extent needed to determine the insurance payment. Case 36. The nosy doctor who happens to be her landlord Anna's landlord is a medical doctor, and she sometimes babysits for his children. When Anna had back problems, she went to another doctor for medical treatment. Anna's landlord knew the physician she saw for her back problem and contacted him. The two doctors talked about Anna's condition. Anna was shocked that the two doctors had not honored the confidentiality of her medical condition. She thought that her landlord's interest in her case was less than sincere--that he perhaps was worried that he might lose his babysitter. Case 37. Medical information released to drug company Herbert went to the hospital for treatment for prostate cancer. Four weeks later he got a mail solicitation for a prostate medication. Herbert attempted to find out who had released the information to the drug company. His doctor said he did not, as did the pharmacy. Herbert thinks it was the hospital because the envelope was addressed to him in the same way his name is recorded by the hospital. Case 38. Putting an undercover officer at risk Martha is married to an undercover police officer. They both take extra precautions to safeguard their home address because of the threat of suspects learning her husband's true identity. When Martha went to the hospital to have a baby, she insisted that they not release her home address to anyone, including direct marketers. Three days after she returned home with her newborn, she began receiving mail solicitations for baby-related products addressed to her home address rather than her post office box. The hospital had not respected her wishes. Martha contacted her state Assemblymember to complain about the violation of her family's privacy. An aide to the legislator found a loophole in California's medical confidentiality law that allows providers to release directory information without the patient's consent. Included in the types of information that can be released is "a general description of the reason for treatment." The aide contacted the PRC for assistance in drafting legislation to close the loophole. No progress was made in advancing the bill, however. CREDIT INFORMATION: MORE CONTROL FOR CONSUMERS Case 39. Bad credit information that keeps coming back Loren's business was liquidated seven years ago. His attorney filed bankruptcy for him, but the debts were settled, so the bankruptcy was dismissed. Two of the credit bureaus picked up the old bankruptcy from public records and placed that information on his credit report. Loren took one of the credit bureaus to court in order to have it removed and won a $350 award. Unfortunately, the erroneous information has since returned, and Loren says the credit reporting companies have done nothing to have it removed. Case 40. Credit report obtained by snoopy in-laws Carlotta was engaged to be married to Jim. When visiting her in-laws-to-be, she was shocked when they indicated they knew a great deal about her finances, information they could only have gotten from her credit report. She ordered her credit report and found that an inquiry had been made by a small credit bureau in the same state as her fiance's parents. Carlotta surmises that Jim's parents were able to convince the proprietor of the credit bureau to pull her credit report, even though they did not have a legitimate business need for it. Carlotta contacted the credit bureau owner and asked who had made the inquiry. The owner said there was no record of the transaction. Carlotta considered suing the credit reporting company for invasion of privacy and violation of the Fair Credit Reporting Act. She ultimately decided against it because she wanted to put the incident behind her. She did, however, call off the wedding. THE WORKPLACE: CHECK YOUR PRIVACY RIGHTS AT THE DOOR Case 41. Telephone monitoring of personal calls in the workplace Jan's employer has made a "private" phone line available for its employees so they can make personal as well as business calls on it. She learned that the employer is monitoring that line. Jan wanted to know if that is legal. We told her about state and federal statutes, as well as caselaw, that govern workplace monitoring. In particular, we made her aware of the prohibition against listening to personal phone calls. Case 42. Voice mail monitoring John works for a junior college and uses the campuswide voice mail system. He was alarmed to learn that voice messages are backed up and stored electronically for a period of time. He thought that by using the "delete" feature on the voice mail system, his messages were truly being deleted. One of John's colleagues has hinted that he is aware of some of the messages left on John's voice mail. John is gay and says that the content of some of the personal calls left on voice mail refer to the fact that he is gay. He is a ten-year employee of the college and is worried that he will not be promoted in the future. Case 43. Workplace wiretapping and surveillance Art worked for a General Motors-owned Delco plant, a defense contractor, in Santa Barbara. He and another employee learned that the management engaged in wiretapping and surveillance of employees. When they complained, they were fired. Several court cases ensued, and GM settled out of court. Art called the PRC for advice on who he could contact to publicize the case, perhaps someone who might be interested in writing a book or a lengthy investigative report about the case. (NOTE: See full Annual Report for newspaper citations regarding this case.) Case 44. Wrongful access to employment records Emily and Edward, who are married to each other, are both federal employees who work for the same agency. Their earnings information was accessed wrongfully via computer by another employee, Edward's ex-girlfriend, who was stalking them both. The stalker/employee was fired, but was later reinstated into her original position. Emily and Edward have written complaint letters to their employer and their legislators about this situation. DIGITAL MANIPULATION Case 45. Voice mail hacking Carol left the florist company that had employed her for several years and formed her own flower business. She uses voice mail to take messages when she is not able to take phone calls herself. Carol learned that her voice mail message had been changed by someone who was not authorized to do so. The new message was harmful for her business. Carol learned that the manipulation had been done by one of her former employer's clerks. Carol says that for someone else to find out the password to the voice mail system, all they need to do is call the voice mail company and give the user's Social Security number, something her former employer would have. The PRC suggested she contact an attorney regarding the possibility of taking action against her former employer. COPS IN CYBERSPACE: GOING TOO FAR Case 46. A young hacker learns the hard way Wanda's 16-year-old son Bud was involved in a hacking case. He had found an access code to Thrifty Tel long distance company on a computer bulletin board that he sometimes accessed. Bud tried to use it to hack into the company's computer system. After 12 minutes, he gave up and never again attempted to hack into computer systems. Several months later, the family was awakened at 5:30 a.m. with a S.W.A.T. team at their front door. Thrifty Tel had convinced the District Attorney's office and the local police department that Bud's hacking attempt was dangerous to society. Bud was arrested at gunpoint and his computer was seized. The family has been fined $2,800 for violation of a California Public Utilities Commission tariff. They were also charged $1,500 for investigative fees. Bud was put on parole for six months and may not touch a computer during that time. The PRC referred Wanda to the Electronic Frontier Foundation, the Washington D.C.-based organization which often represents hackers in such cases. (NOTE: Thrifty Tel has received over one million dollars by collecting such fines from hackers and would-be hackers. Joe Tash, "Outlaw Hackers Lead Police on Data-chase," San Diego Union-Tribune (August 22, 1993) B-1.) CONFUSION OVER MERCHANT LAWS Case 47. Taking consumer vigilance too far? Or, "I know I'm right, and the PRC can prove it!" Steven was at the local office of his auto insurance carrier and wrote a check for his policy. The auto insurance company insisted on having his driver's license number written onto the check. Steven insisted, equally as vociferously, that it was against the law for him to be required to do this (which it is not). He made a major fuss. The insurance company called the police who took him to jail. Steven called us to verify the law. We informed him that the insurance company was within its rights to require his driver's license number. These case studies are taken from hotline calls received by the Privacy Rights Clearinghouse from October 1993 through September 1994. For legal citations to the laws discussed in the case studies, see the full version of the Second Annual Report. This only goes to underscore a point made earlier: Consumer education works. When consumers are given adequate information about the privacy implications of a technology, they take action. Let's hope that what California has learned from this unprecedented consumer awareness campaign is applied to other situations where communications technologies have the potential to threaten personal privacy. |
| Copyright © 1995-2006. Privacy Rights Clearinghouse/UCAN. This copyrighted document may be copied and distributed for nonprofit, educational purposes only. For distribution, see our copyright and reprint guidelines. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This document should be used as an information source and not as legal advice. PRC documents contain information about federal laws as well as some California-specific information. Laws in other states may vary. Overall, our information is applicable to consumers nationwide. |
