Sept. 2003: PRC's Privacy Update Newsletter


[1] Telemarketing Update:
-- PRC Offers Comments and Advice on Recent District Court Decisions
-- PRC Updates its Fact Sheet 5 on Telemarketing – Telemarketing: How to Have a Quiet Evening at Home

[2] PRC, Consumers Union, and Consumer Action Comment on Proposed Regulations Regarding Property Loss Databases to the California Dept. of Insurance

[3] PRC’s Newest Fact Sheet on Property Loss Databases and Insurance Scores” -- CLUE and You: How Insurers Size You Up

[4] Recent Surveys and Studies Shed Light on the Number of Identity Theft Victims and How They are Impacted

[5] PRC and Other Groups Oppose Data Mining of Health Information by Financial Institutions

[1] Telemarketing Update:
-- PRC Offers Comments and Advice on Recent District Court Decisions

Consumers nationwide are dismayed about recent District Court decisions that could postpone the implementation of the National Do Not Call Registry that would stave off telemarketing calls to 50.6 million phone numbers. With overwhelming consumer support, the Registry was slated to be implemented next week on October 1.

The first legal blow to the popular Registry came on Tuesday when an Oklahoma District Court judge ruled that the Federal Trade Commission (FTC), the administrator of the Registry, had not been given that authority by Congress, though several federal bills had been passed to that effect or so it was thought. Within a day, Congress enacted additional legislation to enable the FTC to administer the Registry.

Yet, hours later, another District Court ruling out of Colorado, further spread doubt about whether the National Registry in fact will be launched on October 1. Rather than ruling on easy-to-remedy jurisdictional grounds, the second blow to the Registry included First Amendment concerns. The ruling stated that the FTC, because it allows nonprofit groups and others to contact those on the registry, gave a preference to solicitations that were exempt. "The First Amendment prohibits the government from enacting laws, creating a preference for certain types of speech based on content, without asserting a valid interest ... to justify its discrimination," said Judge Nottingham in his decision.

Historically, the Federal Trade Commission (FTC) has given wide berth for nonprofits to place marketing calls because “charitable solicitations of funds does more than inform private economic decisions because it involves the dissemination of views and the advocacy of political and societal causes.” In other words, nonprofits and politicians are provided more protection under the First Amendment.

Though this decision notes that nonprofits and politicians, for instance, have more of a right to free speech, a solicitation from a politician, nonprofit groups, or commercial entity first creates a privacy intrusion when it rings a telephone, regardless of the content of the call. In this sense, all solicitation calls are equal. It’s the content of such calls that is secondary to the immediate privacy intrusion. The judge found that all calls cause the same privacy harm. At this juncture, it’s unclear how this ruling can be overturned, though with overwhelming popular support, we’re optimistic that a solution will be found. The question is how long the courts will postpone the implementation of a Registry.

In light of the recent district court ruling and subsequent delay of the October 1 start date, the PRC provides advice to consumers about what steps could be taken to implement the Registry in the future and what consumers can do in the meantime.

What Now for the National Do Not Call Registry?

--PRC Updates its Fact Sheet 5 on Telemarketing –Telemarketing: How to Have a Quiet Evening at Home

If you think all you have to do is call the FTC’s Do Not Call hotline to stop all telemarketing calls, think again. It’s not that simple. Our updated Fact Sheet 5 explains the in’s and out’s of who has to comply with the Registry and what companies and organizations are exempt under the revised federal rules.

Did you know that you could be contacted for up to three months after you have applied for or inquired about a product or service? Fact Sheet 5 tells you what to do about these and other exempted calls, and how to protect yourself from getting them in the first place.

The new fact sheet also clarifies how the Registry will work, where to complain if you receive telemarketing calls that are not exempt, and the ways in which marketers may try to circumvent the Registry.

The updated version of Fact Sheet 5, Telemarketing: How to Have a Quiet Evening at Home is available at

[2] PRC, Consumers Union, and Consumer Action Comment on Proposed Regulations Regarding Property Loss Databases to the California Dept. of Insurance

California Insurance Commissioner John Garamendi has been fighting the insurance industry in court over accusations that insurers use databases, such as CLUE, (Comprehensive Loss Underwriting Exchange) to deny and price insurance without verifying the accuracy of the information. As noted in our Fact Sheet 26 CLUE and You: How Insurers Size You Up discussed below (see [3]), consumers throughout California are experiencing inflated premiums or outright cancellation of their homeowners’ insurance policies based on inaccurate information.

For instance, a former 21st Century Insurance fraud investigator and 32-year-old homeowner and mother was forced to get substandard homeowner’s insurance at three times the normal price because the house she was purchasing was "blacklisted" on a national CLUE report.

In fact, the California Department of Insurance recently noted a four-fold increase in the number of consumer complaints about homeowner’s insurance, with non-renewal of coverage being a leading cause of consumer complaints. Such complaints are nearly always based on information whether accurate or not included in a CLUE report. Because of this trend, the Department proposed regulations about property loss insurance ratings and underwriting.

Federal law requires insurance companies to tell consumers when there is an adverse decision based upon the use of these databases, and many in the insurance industry are not obeying the federal law. The PRC in conjunction with Consumers Union and Consumer Action, commented on those proposed regulations regarding property loss databases.

The comments submitted to the California Dept. of Insurance make it clear that the PRC and other organizations think the Department should:

-- Prohibit or curtail the use of a consumer’s credit history for insurance underwriting purposes.
-- Require insurers to get customer notification before a CLUE report is issued so that individuals have the ability to correct inaccuracies before an adverse decision is taken.
-- Require insurers to notify customers when an “adverse action” is taken such as when their policy is cancelled, there is an unfavorable change in the terms of coverage, or the amount of their monthly payment increases.

The Department of Insurance has scheduled hearings for September 23, 2003 (Los Angeles) and September 25, 2003 (San Francisco) to consider the proposed regulations. We have learned that the hearings have been postponed, and new dates have not been set.

To read the comments in their entirety, go to

[3] PRC’s Newest Fact Sheet on Property Loss Databases and Insurance “Scores” -- CLUE and You: How Insurers Size You Up

Consumers have had adverse actions such as increases in their premiums or outright cancellation of their policies for making a simple inquiry about their coverage, without filing an actual claim. For instance, if you called your insurer about a possible claim, and your coverage was subsequently cancelled, or if your auto insurance premium went up because you missed a credit card payment, this fact sheet explains why and what your rights are.

Created with funding from the Rose Foundation Consumer Privacy Rights Fund, this newest PRC fact sheet informs consumers about property loss reports, known generically as CLUE reports. Since Comprehensive Loss Underwriting Exchange (CLUE) and A-Plus reports are generated by consumer reporting agencies such as ChoicePoint and ISO and include an insurance “score,” consumers’ rights regarding the reports are outlined under the Fair Credit Reporting Act (FCRA).

Many are not told that they can get a copy of their report when an adverse action is taken and can dispute inaccurate information on their report as outlined in the FCRA. Our Fact Sheet 26 explains what’s included in your CLUE or A-Plus report, how to get a copy, and what to do if there are inaccuracies.

Fact Sheet 26 CLUE and You: How Insurers Size You Up is available at

[4] Recent Surveys and Studies Shed Light on the Number of Identity Theft Victims and How They are Impacted

Several recent studies and surveys give a better understanding of the crime of identity theft and its impacts on victims. The Federal Trade Commission ( recently estimated that as many as 10 million Americans are victims of this crime with 49% of them not knowing how their information was obtained by the thieves who impersonated them to obtain credit.

Two additional surveys had similar findings. Gartner Research reported that as many as 7 million Americans (3.4% of the population) were victims in the past year. And Privacy and American Business found 33.4 million Americans had been victimized since 1990, with over 13 million victims of identity theft since January 2001.

These three random sample surveys have confirmed that there are many more victims of identity theft than experts had been estimating -- in fact 10 times more than previously thought.

The Identity Theft Resource Center (ITRC) recently completed a different kind of survey. ( 173 victims of identity theft completed an in-depth survey of the impact of the crime on their lives. The report lays out how they learned they were victims, what kinds of accounts were opened using their information, the time and financial impact upon them, the emotional impact, the effects on family members, and the responsiveness of businesses, collectors, and credit reporting bureaus in addressing their situation. The ITRC’s report paints a very disturbing picture of a crime out of control, with devastating effects on the victims.

To read the ITRC’s survey, visit the ITRC website at

Summaries of and links to these surveys are posted on our website at

[5] PRC and Other Groups Oppose Data Mining of Health Information by Financial Institutions

The current federal medical privacy rule, HIPAA, prohibits financial institutions from accessing health information for data mining purposes. Yet, the U.S. Health and Human Services Department (HHS) is being lobbied by financial services companies to roll back this critical protection.

The PRC along with the Health Privacy Project (, Electronic Privacy Information Center (, and 28 other organizations recently sent a letter to HHS Secretary Tommy Thompson opposing the ability of financial institutions to data mine health information that may be contained in Automated Clearing House (ACH) transactions.

For instance, Medicare or HMO payments may be paid through an ACH with codes that indicate the health issue or service for which payment is being made. The PRC and other organizations want the HHS to ensure that this sensitive health information cannot be compiled and joined with other personal or financial information.

To read the news release and the letter sent to HHS, go to

For more information about HIPAA, see our fact sheet 8a -- HIPAA Basics: Medical Privacy in the Electronic Age at

  To subscribe to our free email newsletter, go to