Want CNET to notify you of price drops and the latest stories?

Mickey Mouse privacy

The electronic privacy guidelines released this week by a trade group of computer and communications companies are all sizzle and no steak.

3 min read
The electronic privacy guidelines released this week by a trade group of computer and communications companies are all sizzle and no steak.

In a document entitled "The Protection of Personal Data in Electronic Commerce," the Information Technology Industry Council outlined some base principles its member companies may use to formulate their individual privacy policies.

While the trade organization's principles are sound, they simply lack teeth. OK, so individuals "ought" to have "reasonable" control over "personal" data. We ought to be able to change incorrect data. We should be able to know who's collecting the data, how the data will be used, how long it will be kept, and how to correct or erase it. Life should be fair too, but what does that have to do with anything?

Free-market purists insist that allowing companies to set their own privacy policies without government regulation will lead to a renaissance in privacy services as companies compete tooth and nail to offer consumers the most secret services. Hogwash.

Tightening privacy controls won't bring companies a fraction of the revenue they can garner by aggregating, selling, and disseminating private information to the maximum extent consumers are willing to bear. Remember, company officers have a fiduciary duty to make the maximum amount of profit they can for their shareholders. Selling information is pure gravy for shareholders.

Voluntarily protecting privacy is a dubious expense that will be hard to justify to shareholders because the benefits won't show up on a bar chart. Unless executives can explain the expense away as being required to comply with federal laws, there's no good reason for them to spend money on maintaining strong privacy controls. Nor is there any reason for them abstain from selling, trading, or using personal information in every way profitable.

Companies can, and often do, argue that individuals don't have much privacy in the real world, anyway. So why should anyone expect more in the virtual realm? Social Security numbers are available for the asking from public documents and for $5 from most credit reporting agencies. Every time we use a credit card or automatic teller machine, our transactions are recorded. When we go to the doctor, our symptoms are electronically catalogued. The pharmacist logs our medications in a database. But the main problem with electronic records isn't that they are kept at all; it's how that data can be instantaneously connected and combined that makes it so dangerous.

Few in the private or public sector could resist the power to trace individuals' virtual shadows. The Orwellian possibilities are endless, but we needn't concoct wide-eyed scenarios to understand how dangerous this could be. Just look at what damage has already been done with isolated databases of information available today: DMV records have been used to locate, stalk, and even kill people. Erroneous medical records have caused individuals to be denied health insurance. Employers have used medical databases to discriminate against employees with life-threatening diseases. The list goes on.

Who's to say what is a "reasonable expectation of privacy?" Credit bureau TRW thought it was "reasonable" to sell Social Security numbers online. Microsoft, by some reports, thought it "reasonable" to scan the contents of MSN subscribers' hard disks. Medical information databases think it is "reasonable" to gather and distribute medical records to anyone who wanted to pay for them.

Trusting private interests to voluntarily make protecting personal data a priority is not realistic, effective, or fair. Overregulation may be onerous, but let's not confuse legislating a few basic rights with frivolous bureaucracy.

Just because Disney is offering children's content online doesn't mean we should entrust it to the creation and enforcement of laws against pedophiles and child pornography online. That's a role for government. So, why then, should we trust AT&T and IBM safeguard our privacy? If we do, they're sure to do a Mickey Mouse job.

As Christmas time rolls around again this year, it's time for the private sector to think about wrapping up some support for privacy legislation to put under the trees of consumers. Then maybe next year, the majority of us won't be too cowed to spend a dime of our holiday bounty inside their now empty online malls.

Margie Wylie writes about the good, bad, and ugly of the Information Age Wednesdays in Perspectives.