Until recently, I thought I was a pretty private person who
minded my own business and foolishly believed that no one was really interested
in my private life. To paraphrase Bob
Dylan, you learn that privacy is something you can sell or give away, but you
cannot buy back or retrieve. Today’s
world seems not to take privacy very seriously. Loss of privacy worries
me. The level of intrusiveness that loss
of privacy can lead to was brought to light recently in case I was handling. But
before I get to the case, I want to provide a bit of background.
In 1974, Congress passed the Privacy Act (5
USC S552 a). In summary, it
provides some protections for citizen privacy when the government obtains
personal data. It also created 12
exceptions to the meagre protections it offered. Since then, there have been additional
exceptions added, most notably for the Homeland Security agency in the form of Passenger
Name Records (PNR) and the Arrival
and Departure Information System (AIDS).
There are other examples too numerous to review. The government threat of abuse is real and as
Ben Franklin said: “They who give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety.” Recall, if you will, the breach
of privacy of thousands of Government employees that occurred in 2017.
In addition to the risk of loss of privacy by the government
is the risk posed by the private sector.
In light of the Equifax
breach one year ago, 145,000,000 people’s data history was put in jeopardy.
The news cycle was hot for about a week; the Senate said it had to do something
(although nothing has been done). The consumer protection board has also done
nothing. A year later, the public at
risk seems to be in a coma about breaches of privacy. Some writers call this “breach Fatigue” due
to the frequency of incidences. Even the
recent US Census Bureau survey indicates that fewer people are concerned about
loss of privacy today than 3 years ago.
The European Union and the states of Colorado and California
amongst other have enacted privacy laws to protect individuals from not only
government but also from predatory businesses trying to capitalize on “Big
Data” or, more pertinently your personal data. In general, personal data is any
data that can be used to identify you. The state enacted privacy laws are a
step in the right direction but fall way short of the goal of actual protection
of personal data.
Part of my concern stems from the indiscriminate use of
social media, like Twitter and Facebook, which leaves trails of information
back to the individual. Posting pictures
on Facebook is the groundwork for digital facial recognition that may have all
kinds of consequences. Or think about
your use of LinkedIn where you provide your resume of life details including your
employment record. It is not only social
media that is concerning. Credit card
companies now have data on where you are, where you are traveling to, your
buying preferences and how much you spend on a monthly basis.
As a result of the various recently enacted state statutes,
business must now adopt policies and procedures that “safeguard” the personal
information they collect intentionally or unintentionally. They must also report leaks or breaches of
security in a timely manner. As an
example of this new requirement for business, a multinational heavy equipment
manufacturer has, over the years, collected personally identifiable information
about the maintenance people who would maintain their equipment for their
customers. The manufacturer did so to
align their warranty programs with the proper persons on the customer’s
side. The manufacturer had no real
interest in who these people were, but they must now adopt robust policies and
procedures to protect the privacy of those people.
In the case I previously mentioned, I was retained to
collect an overdue account. I went to my
standard sources and found the incorporators of the business, its standing with
the Secretary of State and the address of the business. I checked the business Facebook and LinkedIn
pages where I found a bit more information on the owners. The icing on the cake,
however, was a search service. For $29.95
and in less than one hour, I was able to do a criminal records search, a
property ownership search including liens, which led to a form of credit
search, nearest relatives and their addresses, litigation history, judgments
and outstanding warrants. The debtor is
a small mom and pop business and what I have learned, all derives from public
record. These poor people, I suspect, would
be aghast at what is of record, their record, in advance of any litigation
without their knowledge or consent.
I am also appalled at the false sense of security peddled by
companies that claim that they can protect your credit card and bank account,
or at least notify you when there is a breach.
They essential do what I did and check some internet traffic on the web
for a lot more than $29.95.
So much for privacy.
Do you have a data privacy story?
Len Goldstein
https://lengoldsteinlaw.com/
