Credit card companies and other financial institutions can sell or trade personal financial information about you with other businesses, even if you do not give them permission.
Private and potentially sensitive data about you -- your buying habits and financial account information, as well as your social security number, your income, employment history, marital status, and medical history -- may be necessary for a company to transact business with you. But, should a business be allowed to provide that information to anyone they choose?
When informed that their credit card company is sharing private information about them with other businesses, people object. "It's my information, what right do they have to share it with others?"
Back in 1999, federal legislation allowed financial institutions to expand the types of services they provide. In doing so, they established only weak restrictions on the sharing of personal information. These companies have the ability to share highly personal information not only with their affiliated companies, but also with unaffiliated third parties, as long as they offer customers a choice to "opt out" of the sharing.
It is not easy to opt out. Reading the fine print on one financial service agreement, I learned that I can send a letter (on my time, at my expense) to a post office box somewhere in Texas, providing my name, address, account number and social security number. If I jump through all the hoops, they won't share my data with unaffiliated businesses. Few people have the time to read all the fine print to seek out the appropriate addresses and write letters to every credit card company, bank, and any other financial institution with which they deal.
There is an inherent conflict of interest here. Businesses that want to share this information are the ones who must notify you of your right to opt out. It is no surprise that they make it difficult for people to exercise that right, knowing that the majority of consumers won't bother to go through the hassle of writing.
Yet most people believe, and believe strongly, that personal information about them should be used by a company only to the extent necessary to complete business transactions chosen by the consumer. The information should be shared with others only if the consumer affirmatively consents to the sharing, that is, they "opt in" to the sharing of information.
In addition to very legitimate concerns about personal privacy, the sharing of this information increases the risk of identity theft and other forms of fraud. Minnesota Attorney General Mike Hatch along with his colleagues from over thirty other states have urged the federal government to strengthen consumer protection on the use of data to prevent fraud. Hatch and the other attorneys general point out, "as information sharing increases, the risk of misuse or misappropriation of such information increases as well…the more entities that possess such information, the higher the chance the information will be stolen or misappropriated, or used for such purposes as the improper denial of credit, insurance, or employment."
Because the federal government is not likely to act on this, state lawmakers are seeking change. Last year, State Senator David Tomassoni introduced a bill prohibiting financial institutions that do business in Minnesota from disclosing personal information to nonaffiliated third parties unless the consumer authorizes it. The bill passed through two Senate committees and was added to broader legislation dealing with data practices.
Under heavy pressure from lobbyists representing companies that share private data, there was an attempt to remove the provision on the Senate floor, though it was narrowly defeated. Apparently due to similar pressures, the companion to Tomassoni's bill in the House of Representatives (HF 464) didn't even receive a hearing.
The public is not divided on this issue. They do not believe any business should be able to share private personal and financial data about them without their consent. Unfortunately, due to the lack of media attention, most people weren't even aware the legislation was pending.
Some businesses make big money selling personal information about us. SF 810 would give each of us more control over private information as well as reduce our exposure to fraud. Due to the heavy lobbying by data-sharing businesses, it will require media attention and public pressure to persuade House leadership that they ought to protect the public interest and pass this legislation.