Privacy Rights Clearinghouse
In this issue . . .
The PRC’s newest addition to its ever-growing list of fact sheets provides a wealth of information for consumers who have problems with a debt collector and who want to know more about related privacy issues.
In addition to outlining consumers’ rights under federal and state laws, Fact Sheet 27 provides invaluable tips regarding debt collection and identity theft, medical bills, and employers. It lists state debt collection laws and links to the publications of state consumer protection agencies.
The guide, our most extensive to date, offers useful tips on how to write collectors. It provides several form letters individuals can tailor to their situation. The sample letters suggest how to stop a collector’s phone calls, how to dispute collection efforts, and how to notify the collector you are a victim of identity theft. There is also a sample letter to stop a collector from contacting you about someone else’s debt.
The guide, entitled “Debt Collection Practices: When Hardball Tactics Go Too Far,” is available on the PRC website at http://www.privacyrights.org/fs/fs27-debtcoll.htm 
The compilation of “State Debt Collection Laws and Publications” is available at http://www.privacyrights.org/fs/fs27plus.htm 
Consumers can rest easy now that the Tenth Circuit Court of Appeals upheld the Do Not Call Registry. In a decision issued on February 17, the Court ruled that the popular Registry does not violate telemarketers’ First Amendment rights of free speech. It confirms that the Federal Trade Commission (FTC), the operator of the Registry, was not improperly using its power by establishing the DNC list. The Direct Marketing Association and telemarketers filed the lawsuit to derail the Registry when it was first launched in October 2003. The Court allowed the FTC to continue operating the Registry while the case was being heard.
The decision throws out the telemarketing industry’s challenges and allows the FTC to continue with the Registry unfettered by legal challenges. An unprecedented 55+ million phone numbers are now registered with the Registry, a clear indication of how much consumers treasure their privacy. If you have not yet signed up, you can call (888) 382-1222 or go online, www.donotcall.gov .
The court decision can be read in its entirety at http://www.ck10.uscourts.gov/opinions/03-1429.pdf 
A recent Harris Poll indicates that the FTC's Do Not Call Registry has been a success. The survey reports that "more than half of all adults (57%) say they have signed up and most of these people say they have either received no telemarketing calls since then (25%) or far less than before (53%)." The survey continues, "The proportion of all adults who have heard of the Registry has increased from 71% last September to 91%" and that "the proportion of all adults who claim to have signed up with the Registry has increased from 32% last September to 57%."
The news release from Harris about the survey is available at:
The PRC’s website has an ongoing update of information about telemarketing including complaints filed by states’ Attorneys General, the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) at http://www.privacyrights.org/ar/DNCdecision.htm 
Our in-depth Fact Sheet 5, “Telemarketing: How to Have a Quiet Evening at Home,” notes exceptions to the National Registry and discusses telemarketing and junk faxes in more detail http://www.privacyrights.org/fs/fs5-tmkt.htm .
Three prominent privacy and civil liberties advocates spoke to librarians at the mid-winter meeting of the American Library Association, held in San Diego in January. Beth Givens of the PRC, Lee Tien of the Electronic Frontier Foundation (EFF) (www.eff.org ) and Pam Dixon of the World Privacy Forum (www.worldprivacyforum.org) addressed the ALA’s Intellectual Freedom Committee regarding the potential privacy and civil liberties implications of using RFID tags to identify library materials.
Several libraries in the U.S., Europe, and Asia have adopted RFID systems in order to inventory library materials and keep track of those checked out to library users. And many more are planning to switch from barcode systems to RFID in the near future.
Currently, RFID tags in library books do not contain details such as book title, but the electromagnetic frequency of the library tags is the same as the most common RFID readers being deployed in other settings. The RFID systems used by libraries today encode the equivalent of a barcode number in the miniscule tag that is affixed to the book -- in other words, an ID number that is virtually meaningless to anyone but that particular library.
But if the publishing industry were to join the RFID bandwagon and attach RFID tags encoded with the book’s title – or more likely, the book’s unique International Standard Book Number, the ISBN – one’s reading choices could conceivably be obtained by RFID readers outside the confines of the library. Librarians have a long tradition of staunchly protecting their users’ privacy. But as Givens, Tien, and Dixon cautioned, the adoption of RFID systems by libraries could compromise their age-old ideals of intellectual freedom, especially if the publishing industry were to adopt RFID technology and encode the RFID tag with standardized book-identifying data.
The comments of the PRC’s Beth Givens and EFF’s Lee Tien are on the PRC web site at:
Many of you have been asking the PRC, “When can I get a free copy of my credit report? I heard there was a new law that gives me a free copy.”
As noted in our last newsletter, the Fair and Accurate Credit Transactions Act of 2003 (FACTA) was in many ways a setback for consumers. However, one of the positive outcomes is the ability for consumers nationwide to get a free copy of their report from all three credit reporting bureaus upon request once a year.
It is expected that free reports will be available starting December 1, 2004. Currently, residents of six states can get free copies -- Colorado, Georgia, Maryland, Massachusetts, New Jersey, and Vermont.
The PRC needs your help in our ongoing effort to educate consumers about financial privacy and how to opt out of data sharing. Federal law requires financial institutions to mail you a privacy notice once a year. These include your bank, insurer, brokerage, and even your tax preparer. The notice tells you how to opt out, that is, to stop the company from sharing your personal information such as name, address, and account information, with other companies.
Beware: The privacy notices can be difficult to understand, and your opt-out will not stop all disclosures. We offer tips on how to protect financial information in our Fact Sheet 24 series available at: /banking-and-finance 
Included with these guides is a compilation of opt-out addresses and phone numbers for many financial institutions http://www.privacyrights.org/fs/fs24a-OptOutAddresses.htm 
We rely on consumers like you to help us keep this opt-out list up-to-date. If you receive a privacy notice from your financial institution(s), we’d like to know the name of the company and the way in which consumers can opt out by phone or mail. You can reach us at https://secure.privacyrights.org/qwertyuiopasdfghjkl.php .
Better yet, if you don’t want to keep the notice, mail it to us. Our mailing address is at the bottom of this newsletter.
Many individuals have complained to us about the dense language and legalese of the privacy notices they receive from their financial institutions. In fact, readability studies of privacy notices indicate that most are written at a 3rd-4th year college level. What consumers tell us they really want to know is just the basic facts--how can I opt-out?
Because of the complexity of the notices, the Federal Trade Commission (FTC) and other financial regulators are asking for comments on what is being called a Short Form--a more concise, easier to read opt-out notice. The PRC and Consumers Union are sharing their concerns and recommendations with the federal agencies that regulate financial institutions at a meeting held this week. You can read our joint comments at, http://www.privacyrights.org/ar/GLBshort.htm 
These are preliminary comments, to be followed up by a more formal statement due March 29th. You too can lend your voice to this process. To learn how you can contribute comments to the federal agencies that regulate banks, insurance companies, and securities companies, visit the Federal Trade Commission web site at, http://www.ftc.gov/os/2003/12/031223anprfinalglbnotices.pdf 
Of course the ideal situation would be an opt-in – where financial institutions would not sell or share customer data with other companies unless explicit permission is given. But federal law established the weaker opt-out standard -- and because of intense industry lobbying, even the opt-out requirements are minimal at best. As a result, it’s very important that privacy notices are written and designed so they will be read, understood and acted upon by consumers.
The PRC has more information about the readability of financial and other privacy notices at: http://www.privacyrights.org/ar#Readability 
To subscribe to our free email newsletter, go to www.privacyrights.org/subscribe.htm