The Great Privacy Debate

Insurers, regulators and consumers are struggling to find the perfect balance between protecting privacy and reaping the benefits of sharing personal information.

A Washington state woman last year complained to Attorney General Christine Gregoire that her mortgage lender sold her name to a telemarketer who then charged her for membership in a shopping club. In Minnesota, a medical clinic shared information about a woman's abortion with a professional, who, by chance, knew the woman. The professional had a legitimate reason to have the information, but because the person knew the patient, a court held the clinic liable for wrongful dissemination of information, said Marshall Tanick, a Minneapolis attorney who's done substantial work in privacy cases. "Privacy cases tend to be bizarre cases, but because they do happen, people get worried," Tanick said.

The worry barometer has risen in recent years. Reports of information falling into the wrong hands along with the rapid advancement of technology, increased telemarketing efforts and hacker intrusions into major Internet sites have made consumers more leery of who's doing what with the personal information they give out.

In addition, two pieces of federal legislation--the Health Insurance Portability and Accountability Act of 1996, known as HIPAA, and the Gramm-Leach-Bliley Financial Services Modernization Act of 1999--have focused the attention of insurance companies, health-care providers, banks, securities firms, regulators and lawmakers on privacy of personal information. They are looking for ways to address privacy concerns without jeopardizing the large number of services and conveniences made possible by sharing information.

"The rapid and reliable availability of accurate and complete personal information is essential to--it is no exaggeration to say that it is the very foundation of--virtually all financial services," Fred H. Cate, professor at the Indiana University School of Law
Timothy Campbell, Citigroup's senior vice president and director of government relations, gave this example: "When you understand how America's system of credit and obtaining credit is set up, your ability to pick up your phone and call a bank and get a mortgage or home-equity loan unsecured almost instantly is incredible," he said. "It doesn't just happen because you're a nice guy. It happens because there's a whole system that allows those decisions to be made and information to be accessed."

A Balancing Act

The management of personal consumer information collected by businesses and health organizations is a balancing act. "It's a classic public-policy dilemma," said Rodger S
Congress must have recognized how difficult privacy issues would be when it drafted HIPAA, because it reserved for itself the right to revisit privacy legislation, said Scott Growney, senior manager, HIPAA compliance and regulatory affairs standards, Congress immediately instructed the U.S. Department of Health and Human Services to issue regulations, but it authorized the department secretary to promulgate privacy rules only if Congress failed to pass privacy legislation within three years of HIPAA's passage.

It's unclear whether people are more concerned about misuse of their medical information or their financial information. Mostly, Lawson said, there's just a "general sense of uncertainty about who knows what about me."

On the medical side, the big fear is that health information will be used against an individual in the marketplace, at work or elsewhere.
If a company pays for a health plan, employees are concerned about who in the administrative process gets to see medical records and whether the information can become known to others on staff. They want to be assured information is destroyed if they leave a job.

People also fear that their financial information could be used to target them for telemarketing calls or that their identities and assets could be stolen. They fear that if their bank accounts are accessible, they are vulnerable to lawsuits, subpoenas or garnishment, Tanick said.

The increased power and use of computers and the development of the Internet have made consumers even more afraid. "Technology exacerbates the problem, because information is more readily available," Tanick said. "It makes people feel, with some justification, that their records are more accessible to more people."

Consumers' Fears

A consumer privacy work group set up by Gregoire, the Washington state attorney general, received more than 125 letters and e-mails. One woman complained that a stranger used her name to obtain a driver's license, then opened a bank account and left her thousands of dollars in debt.

In a national survey of American adults, 54% said the shift from paper record-keeping systems to electronic or computer-based systems made it more difficult to keep personal medical information confidential. More than half (55%) said they worried about computer hackers breaking into a system, and 30% worried about medical providers, health-plan officials or other authorized users leaking information. The survey, published in January 1999, was conducted by Princeton Survey Research Associates for the California HealthCare Foundation.

Health-care providers received a higher vote of confidence than private insurers or banks. About 60% of the respondents said they trusted doctors, hospitals and other health professionals to keep personal information confidential all or most of the time, whereas 35% said they trusted health plans and 49% said they trusted banks to maintain confidentiality all or most of the time.

Proper use of information "has to become part of your business practice," said Citigroup's Campbell. "It has to be part of how you sell your products, how you relate to your customer and how you serve your customer."

Sharing information allows companies to more quickly approve credit and insurance applications, control costs, provide financial services online, prevent and detect fraud and avoid delinquencies and bad debt, wrote Indiana University's Cate.
It also enables financial institutions to:
* notify customers who maintain high balances in checking accounts of the availability of higher-return investments;
* analyze customer data to protect customers against inappropriately risky investments;
* offer lower-interest home-equity loans to customers with recurring credit-card balances;
* provide customers with bundled services at a single lower price; and
* aggregate all of a customer's accounts to satisfy minimum balance requirements.

Responsible use of information means protecting against unnecessary disclosure or fraudulent use, Cate wrote, but it also means using information productively, so that the customer benefits.

If a bank partners with an insurer, the marketing departments of both institutions could benefit from sharing customer information, said Lawson of the alliance. "In this age when we're trying to create products that serve particular niches, you really need a vast amount of information to decide where a niche exists and what products are needed to serve that niche."

Health-care delivery systems are so integrated today that patients are likely to be treated by more than one physician, making sharing of information imperative. Also, the system where a physician treats the patient and the insurer just pays the bills no longer exists, said Kristin Stewart, director of private market issues for the American Association

"You're more likely to have your insurer involved in assessing and improving quality and reviewing and profiling your physicians," she said.

Sharing medical information between insurers and financial institutions raises other issues. Citigroup uses medical information only for the purpose for which it was obtained, Campbell said. The company wants customers to know that "if they apply to Citicorp for a mortgage after they've gotten a Travelers' life policy, people at Citicorp won't have their health information," he said.

Finding Common Ground

Many state laws and regulations concerning privacy procedures are not uniform. The privacy working group of the National Association of Insurance Commissioners is developing model regulations for Gramm-Leach-Bliley to avoid the difficulties that state variations cause insurers. Insurers and insurance trade organizations are urging the NAIC not to go beyond the provisions of the federal law, particularly in regard to the "opt out" requirement. Insurers also are asking the NAIC to encourage state legislatures

"We don't think it's a good idea for states to go beyond the parameters of Gramm-Leach-Bliley, except in some special circumstances," said Rey Becker, vice president of property/casualty at the Alliance of American Insurers. "The only state legislation which may be needed is if the state insurance department doesn't feel it currently has enough authority to promulgate regulations to implement or enforce [the law]."

As regulations and legislation are being proposed and debated, some insurance companies and other financial institutions are implementing privacy procedures. New York-based Citigroup developed its privacy program in 1998, when it was seeking merger approval from the Federal Reserve, Campbell said. Citigroup was formed by the merger of Citicorp and Travelers Group Inc. Even though Citibank had begun working on its privacy policy before the merger, developing procedures for the entire corporation was a major undertaking. "Part of the challenge is to get a notice that reflects your business practices within the overall corporate policy," Campbell said.

Once the policy was written, Citigroup sent out notices to its 80 million customers worldwide. To support the policy, Citigroup appointed a privacy officer in each of its businesses. It also had to make sure its technology could carry out the policy--which included an "opt-out" provision similar to Gramm-Leach-Bliley's--and to initiate a management reporting process to ensure that the privacy program was working as it should. Making the technological adjustments was more difficult because of the Y2K demands and the ongoing demands of market and business operations, Campbell said.

Although instituting a privacy program is a challenge, "it's important as a business to understand what your customers want," he said. "We are not in the business of ignoring our customers, because they will go elsewhere if you don't provide the products and services they want." The greatest challenge will come if states enact their own restrictions, he said.

Health insurers and health-care providers will face significant challenges in complying with the HIPAA privacy provisions, but they should see the challenges as opportunities to improve the way they do business, said Deloitte & Touche's Growney. "There are opportunities here for covered entities and others in the health-care industry to rethink the way they do business and take advantage of e-health opportunities and technologies that are out there and to invest in systems that will create efficiencies, satisfy the regulators and be friendly from a business-to-business standpoint," he said. "Those systems might also be friendly from a business-to-consumer standpoint. The organizations that take the lead will achieve a competitive advantage."

The Laws on Privacy

Both the Gramm-Leach-Bliley Financial Modernization Act and the Health Insurance Portability and Accountability Act allow sharing of some information while prohibiting other types of exchanges. The main thrust of Gramm-Leach-Bliley is to permit affiliations among insurance companies, securities firms, banks and other financial services providers, ending restrictions dating back to the Depression.
To protect consumer privacy as affiliations occur, Title V of the act requires all financial institutions to comply with four directives:
* disclose their policies for collecting and sharing customers' nonpublic personal information at the beginning of the relationship and at least annually thereafter;
* allow customers to "opt out" of the sharing of personal information between their financial institution and nonaffiliated third parties, except in a few limited circumstances;
* maintain policies to protect the security and confidentiality of nonpublic information; and
* not share account numbers with nonaffiliated third parties for marketing purposes.

At a commencement address April 30, President Clinton called for privacy legislation to strengthen the protections in Gramm-Leach-Bliley. Days later, U.S. Rep. John LaFalce, D-N.Y., introduced the Financial Information Privacy Protection Act, which included elements of Clinton's plan.

"As more banks and insurance companies merge, lenders could gain access to private medical information and many insurance records. But no one should have to worry that the results of their latest physical exam will be used to deny them a home mortgage or a credit card. Under my plan, you'd get to say no," Clinton said.

Title V of Gramm-Leach-Bliley directs federal regulators--including the Federal Trade Commission, the Securities and Exchange Commission, the Federal Reserve, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp. and the Office of Thrift Supervision--to prescribe rules to carry out the privacy provisions. State insurance departments also must adopt regulations to implement its provisions. Financial institutions, trade associations, consumers and regulators disagree about how stringent regulations should be.

Title V allows for state laws that provide greater consumer protection than the federal law. Some state legislatures already have enacted laws or introduced bills to add another layer of consumer privacy protection. Some of the laws address two common objections: the opt-out provision and the ability of affiliates to freely share information.

The "opt-out" provision allows companies to share personal information, unless consumers specifically say they can't. Some states have adopted an "opt-in" provision that prohibits information sharing, unless the consumer explicitly grants permission. Some legislators object to the fact that the law does not regulate the sharing of information among affiliates, which the new federal bill addresses.

Privacy of Health Information

When the deadline passed for Congress to enact laws to implement the privacy provisions of HIPAA, the U.S. Department of Health and Human Services was required to develop regulations. The proposed regulations:
* allow consumers to see their medical records, request a correction to the records and obtain documentation of disclosures of their health information;
* penalize people who violate a patient's right to privacy with civil monetary penalties or criminal penalties, depending on the violation;
* specify that, with few exceptions, a person's healthcare information should be used for health purposes only, including treatment, payment and health-care operations;
* recognize the need to balance privacy protections with the public responsibility to protect public health, conduct medical research, improve the quality of care and fight health-care fraud and abuse; and
* require each covered organization to establish procedures to protect patients' privacy, designate an official to monitor that system and notify patients about their privacy protection practices.

HIPAA regulations cover only information that is stored or transmitted electronically and, as with Gramm-Leach-Bliley, stipulate that in circumstances where the federal rules and state laws are in conflict, the stronger privacy protection will prevail.

Health Insurers Seek Compromise on HIPAA

For health insurers, the new wrinkle in the ongoing debate about privacy is the Health Insurance Portability and Accountability Act of 1996. One objective of HIPAA is to reduce health-care costs by requiring insurers, health-care providers and health-information clearinghouses that engage in electronic transactions of information to simplify those transactions through uniform electronic data interchange standards.

The act called for Congress to enact medical records privacy standards by Aug. 21, 1999. Congress failed to meet that deadline, so the secretary of Health and Human Services must issue final regulations regarding privacy. The controversial regulations that Secretary Donna Shalala proposed in November 1999 generated more than 40,000 responses, with an estimated 150,000 to 200,000 specific comments, said Scott Growney, senior manager, HIPAA compliance and regulatory affairs, Deloitte & Touche LLP. "HHS will have much to review and digest," he said.

As with the Gramm-Leach-Bliley Financial Services Modernization Act of 1999, there is concern about the definition of "nonpublic" or "identified" information. The proposed regulations make it almost impossible to translate "identified" information into "de-identified" information, which is allowed to be shared, said Kristin Stewart, director of private market issues for the American Association of Health Plans. To "de-identify" information, the ZIP code, medical record numbers and account numbers are among the pieces of information that must be removed. These pieces of information are "things we don't think of as identifying an individual," she said.

HIPAA also calls for the creation of unique identifiers for health-care providers, insurers and individuals.
The idea of a unique identifier for individuals, however, is under fire. "A lot of people believe the use of a Social Security number by itself is not sufficient, because if somebody improperly accesses sensitive databases, a Social Security number could be the key to a wealth of very private health information," Growney said. Some proposals call for a two-factor unique identifier, such as Social Security number and a personal identification number. Regulations regarding unique identifiers for individuals are on hold pending further development of the privacy rules.

Health insurers are concerned that the proposed regulations would prevent them from using personal information in health-promotion activities, which range from mammogram reminders to immunization notices to reminders to people with diabetes to have vision exams. The rules say insurers, providers and clearinghouses may use or disclose protected health information without individual authorization for treatment, payment or "health-care operations," but the definition of health-care operations doesn't specifically mention health-promotion activities.

"If something isn't specifically mentioned, we are concerned it could actually require us to get patient authorization," Stewart said. Health plans are required to do preventive activities for private accreditation and arrangements with payers, such as Medicare and Medicaid, she said.

When participants share protected health information, the proposed rules require that they share no more than the minimum amount of information necessary to accomplish the intended purpose. The question is: What is the minimum amount necessary? "You never know what information is going to become relevant when you're treating a patient," Stewart said.

Organizations will have to develop a policy with general guidelines on what information is minimally necessary for particular purposes and then make case-by-case decisions based on those guidelines, Growney said. Where issues are uncertain, the requesting party might have to demonstrate the necessity and the appropriateness of releasing more personal data.

The proposed standards give consumers the right to see their medical records, but exactly what they get to see has caused some concern. The rule specifies a "designated record set," mainly to keep providers from having to produce documents that may be duplicates. "We want to make sure [the set] doesn't include information that is used in peer review and quality-control functions," Stewart said. Hospitals and insurers use this information to make decisions about providers.

Medical research also might be impeded by the proposed regulations, Stewart said. Outcomes research, in which physicians examine the effectiveness of treatments for patients with specific characteristics, would be included as health-care operations, but archival research using medical records may not be.
The proposed rule extends an existing regulation designed to protect people who participate in federally funded clinical research to apply to other kinds of research, including archival research, she said. Although the proposed standards apply only to records that are either transmitted or maintained electronically, most information falls into those categories, Stewart said.

Financial-Services Law Raises New Privacy Issues

Although financial institutions and consumers have been concerned for some time about the appropriate use of personal information collected by the institutions, the enactment of the Gramm-Leach-Bliley Financial Services Modernization Act of 1999 raised new issues about how best to use personal information.

Gramm-Leach-Bliley allows insurance companies, banks, securities firms and other financial institutions to form affiliations that have been unlawful since the 1930s. With those affiliations come the questions of how information should flow among the joined institutions and to businesses outside the group.

Title V of the law contains privacy provisions and directions for federal agencies to create regulations to carry out the provisions. It also directs state insurance commissioners to write regulations to carry out the provisions as they apply to insurance companies. The provisions are to take effect Nov. 12, but federal regulators have delayed mandatory implementation until July 2001.

Many insurers have urged regulators to address the need for a clear definition of which customer information is public and which is nonpublic. The law defines "nonpublic personal information" as personally identifiable financial information provided by the consumer that results from any transaction with the consumer or that is otherwise obtained by the financial institution. But the law says the term does not include publicly available information as defined by regulations.
Federal regulators say a person's name, address and telephone number are considered "nonpublic personal information," said Rey Becker, vice president of property/casualty for the Alliance of American Insurers. The National Association of Mutual Insurance Companies stressed in its comments to federal regulators that consumers do not expect nor should they reasonably expect publicly available information, such as telephone numbers, to be treated as nonpublic personal information.

Some state legislators have felt that the Gramm-Leach-Bliley privacy provisions weren't strong enough and have proposed state laws with greater restrictions.

One of the most controversial aspects of Gramm-Leach-Bliley is the "opt-out" provision. According to the law, financial institutions must allow customers to "opt out" of the sharing of personal information between their company and nonaffiliated third parties, except in a few limited circumstances.

The most common type of privacy bill being introduced into state legislatures contains an "opt-in" approach, Becker said. The rationale for the "opt-in" approach is that when people give information to specific institutions, they don't expect that information to be shared. Therefore, they should be asked to grant permission before any information is shared, particularly outside of affiliated companies.

"The bottom line is that customers have a choice," Becker said. "'Opt-out' gives that choice with little burden [to the financial institution]." An "opt-in" approach would require the time and expense of polling customers each time the institution wanted to share information. "It is tantamount to saying that you cannot share information, because not many people are going to say they want to get telemarketing phone calls and mass mailings," he said.

Marketers are not the only nonaffiliates with whom institutions might want to share personal information. A company might want to use a consumer-research operation to conduct customer-satisfaction surveys, said Timothy Campbell, Citigroup's senior vice president and director of government relations. The researcher can't do the survey if it doesn't know who the customers are.

A software developer is another example of a nonaffiliated third party that might need customer information. A company that buys new software for business operations will need to have that software tested before the purchase is completed. The developer can't test the software unless it has the information the software will be using, Campbell said. When Citigroup does business with a third party, the contracts require the third party to maintain and deal with personal information the same way Citigroup does, he said.

Another issue raised by state legislators in response to Gramm-Leach-Bliley is how to deal with customers who choose not to share information. Some states have proposed laws requiring no discrimination against those customers, Becker said. If that is the case, affiliated companies would have to offer discount programs or preferred products to those customers without knowing whether they were eligible. The overall effect would be that special marketing would have to be offered to everybody or nobody, he said.

The best way to react to Gramm-Leach-Bliley is to give it a chance to work, Campbell said. "It offers significant protection in the area of consumer privacy, and we need to get it implemented so we can live under that structure and see if it is or isn't satisfactory."