Although we cannot guarantee a response for every e-mail, you can submit your questions for panelists here.


Basically fraud preventions."

That’s “qualified” under self regulation.

Mention “fraud preventions” and you’re in.

And that opt out right?

The IRSG doesn’t even exist anymore.

IRSG failed so badly that the data industry is in damage control mode.

It’s a poison-the-well argument that doesn’t contribute to the debate meaningfully.

As a son and grandson of public servants, I resent it a bit.

Legislators have expert staff to help them understand proposals.

No legislator has a full understanding of the myriad issues covered by their committees.

Similarly, agencies have staff with deep expertise in many of the areas they regulate to guide decision makers.

The system isn’t perfect.

May I broaden that point and open it up to the entire list?

There’s a long list of data-security bills in the U.S. Congress and many of them would preempt state rules.

Businesses tend to prefer that kind of approach, saying it creates a level playing field.

Which approach is better?

One each deals with breach and sale of data.

In the other case, the victim was killed.

It is early yet and the doctrine I advocate for is not yet mature.

As this discussion makes clear, the problems with data aggregation and use are huge and difficult.

They require a distributed system like common law development to resolve them.

Common law is not only distributed laterally, across courts and judges, but over time, as well.

Courts learn from each other's experience.

It’s not quite a Wiki, but the theory is the same.

Senator Simitian set the hook by suggesting that someone had wrongly argued for trusting business.

Now, Senator Proxmire’s legacy, the Fair Credit Reporting Act, has been invoked twice.

Does anyone realize that many of these issues exist despite, and possibly because of, his work?

It reminds me of a luncheon I spoke at in Dallas, Texas a few years back.

That impressed a lot of people, I’m sure.

Cynicism aside, there are very good arguments against–and for–pre-emption.

Much of federal level identity theft protection came from California, for instance.

Consumer protection law, historically, has been a state endeavor.

Most federal privacy laws aren’t pre-emptive.

And most privacy law itself was generated by the states.

There are state privacy laws on medical privacy, arrest records, video surveillance, SSNs, etc.

Much of this law fills in gaps left by federal government inaction.

(Insurance companies, for instance, are under different regs in 50 states.)

Finally, there won’t be as much privacy law if there is broad pre-emption.

Congress has increasing demands placed upon its attention.

There’s real meaning behind the cliche: “That will take an act of Congress.”

Problems have to rise to a high level of severity before Congress will act.

Commercial data brokers built their business to skirt the law.

Now the law needs some revision to sweep in these new business models.

Let me tell you, that was not an easy case.

In that case, a stalker hired data broker Docusearch.com to locate Amy Boyer.

Because Amy Boyer lived with her parents, Docusearch couldn’t locate her definitively.

The stalker showed up at the address, shot Boyer to death, and then killed himself.

All they did was sell personal information, they argued.

I think we won that case because 1) the Docusearch defendants were not the most attractive defendants.

They had shoddy client screening techniques, and one of them had a criminal history.

  1. The activity resulted in someone dying.

  2. The killer posted a Web site describing his activities and stalking of Boyer.

  3. That most privacy invasions aren’t as severe as the Boyer case.

There would have been no obvious way to discover Docusearch’s involvement.

As is said, power tends to corrupt, and absolute power corrupts absolutely.