DATA PROTECTION, COMPUTERS, AND WEDNESDAY, MAY 16, 1990 HOUSE OF REPRESENTATIVES, AND AGRICULTURE SUBCOMMITTEE OF THE COMMITTEE ON GOVERNMENT OPERATIONS, Washington, DC. The subcommittee met pursuant to notice, at 9:43 a.m. in room 2247, Rayburn House Office Building, Hon. Robert E. Wise, Jr. (chairman of the subcommittee) presiding. Present: Representatives Robert E. Wise Jr., Glenn English, Gary A. Condit, Al McCandless, and Ileana Ros-Lehtinen. Also present: Robert Gellman, chief counsel; Aurora Ogg, clerk; and Monty Tripp, minority professional staff, Committee on Government Operations. OPENING STATEMENT OF CHAIRMAN WISE Mr. WISE. Today's hearing is the first in a series of data protection, computers, and changing information practices. There are two principal concerns before the subcommittee at these hearings. First, Americans find that their right to privacy is threatened by the increasingly detailed maintenance of personal information by Government and private sector record keepers. A recent poll found that nearly two-thirds of Americans felt their privacy is threatened by computerized records. The percentage of people expressing concern doubled in the last 5 years. Some recent stories illustrate the wide range of threats to personal privacy. For instance, a new CD-ROM product available this summer will include information on 80 million households and 120 million consumers. The data base will include names, addresses, estimated income, and propensity to buy over 100 consumer product categories. A recent court case held that it was legal for the FBI to go to a photo store and order a copy of film left for developing by a consumer. The photo store employee made a duplicate set of prints for the FBI without a subpoena or a warrant. The case raises the possibility that the FBI can routinely get copies of film left for developing at film stores. There was a recent report that car rental companies are running background checks on drivers without notice to consumers. Travel agents, airlines, car rental companies, and others in the travel industry are fighting over ownership of information about an individual's travel plans maintained in computer reservation systems. Travelers are not aware of the extent to which the industry is trafficking in their private travel plans. Some hospitals are using identifiable patient information to compile mailing lists for the purpose of selling services through direct mail. In the last Congress, a bill was enacted to protect the privacy of video rental records. This is popularly known as the Bork bill. Indeed, I believe our ranking minority member, Mr. McCandless, was one of the principal sponsors of the legislation. His expertise and experience with the Video Privacy Act will be valuable during these hearings. While we have some protection for video rental records, there is no similar protection for records of other consumer transactions and behavior. There are no formal legal protections for records about the purchase of books, music, computer software, mail order merchandise of all kinds, travel services, meals, film developing, and other goods and services purchased by consumers. Companies are able to compile, use, and sell this information without restriction and without notice to consumers. This issue is well illustrated by the new "frequent buyer" programs now being implemented at some supermarkets. We will be taking a close look at the use of computers and scanners to maintain records about supermarket purchases. People spend about 20 percent of their disposable income in supermarkets. Now there is a prospect that there will be an individually identifiable record of each item you purchase. In the not too distant future, consumers face the prospect that a computer somewhere will compile a record about everything they purchase, whether it is buying potting soil and getting seed catalogs in the mail, pregnancy testing kits and getting solicitations from diaper service companies. It is possible to go to a hospital for a checkup and get an invitation to a diet seminar. And so the list goes on. I am not sure this is a vision of the future that will make most Americans feel comfortable. Then again, maybe it will. Perhaps, indeed, this is supplying a service that consumers want. I think it is important to look at what the present practices are and intentions are and then also to try and gauge what it is consumers want. There may be a line that has not yet been drawn between what is consumer service and what is invasion of consumer privacy. I do not think we are paying enough attention to the privacy consequences of actions being taken by government or by business. In most other western industrialized nations concerns about the uses of personal information have led to data protection laws. Most of these countries have established formal government organizations to pay attention to privacy_issues. There are data protection commissions in Canada, Great Britain, West Germany, Austria, France, Sweden, Norway, the Netherlands, Australia, and Ireland. There is even talk of creating a similar organization in Hungary. There is no agency in the Federal Government with the responsibility to consider the privacy consequences of modern life. That brings me to my second concern. In other nations fears about computers and the loss of privacy are leading to the creation of trade barriers. Some countries are beginning to impose restrictions on the transfer of personal information to countries that do not have adequate privacy laws. Recently, for instance, the French data protection commission stopped Fiat in France from transferring information about its employees to Fiat in Italy. If the United States is perceived to have inadequate data protection laws, then the consequences for American banks, credit companies, travel agents, communications companies, and other businesses with multinational interests could be significant, with a resulting loss in international influence for the United States, business opportunities and jobs. I have a modest solution to the domestic privacy concerns and the international business problems that I just described. Last year I introduced a bill to establish a Data Protection Board as a small, permanent independent, nonregulatory Federal agency. The bill number is H.R. 3669. One of the purposes of the hearing will be to start discussions about this proposal. I want to emphasize "discussions." At this point the bill has not been moved to the top of the budget summit negotiations and therefore may not be on the fast track in this session of Congress. But I do think that the issue is one of increasing concern. I believe that a data protection board could serve the interests of consumers, of government, and of business. [The opening statement of Mr. Wise follows:] Opening Statement CHAIRMAN BOB WISE Subcommittee on Government Information, Justice, and Agriculture DATA PROTECTION, COMPUTERS, AND CHANGING INFORMATION PRACTICES May 16, 1990 Today's hearing is the first in a series on data protection, computers and changing information practices. There are two principal concerns before the Subcommittee at these hearings. First, Americans find that their right to privacy is threatened by the increasingly detailed maintenance of personal information by government and private sector record keepers. A recent poll found that nearly two-thirds of Americans felt that their privacy is threatened by computerized records. The percentage of people expressing concern doubled in the last five years. Some recent stories illustrate the wide range of threats to personal privacy. -- A new CD-ROM product available this summer will include information on 80 million households and 120 million consumers. The data base will include names, addresses, estimated income, and propensity to buy over 100 consumer product categories. -- A recent court case held that it was legal for the FBI to go to a photo store and order a copy of film left for developing by a consumer. The photo store employee made a duplicate set of prints for the FBI without a subpena or warrant. The case raises the possibility that the FBI can routinely get copies of film left for developing at film stores. -- There was a recent report that car rental companies are running background checks on drivers without notice to consumers. - Travel agents, airlines, car rental companies, and others in the travel industry are fighting over ownership of information about an individual's travel plans maintained in computer reservation systems. Travellers are not aware of the extent to which the industry is trafficking in their private travel plans. Some hospitals are using identifiable patient information to compile mailing lists for the purpose of selling services through direct mail. In the last Congress, a bill was enacted to protect the privacy of video rental records. This is popularly known as the Bork bill. Our ranking minority member, Mr. McCandless, was one of the principal sponsors of the legislation. His expertise and experience with the Video Privacy Act will be valuable during these hearings. While we have some protection for video rental records, there is no similar protection for records of other consumer transactions and behavior. There are no formal legal protections for records about the purchase of books, music, computer software, mail order merchandise of all sorts, travel services, meals, film developing, and other goods and services purchased by consumers. Companies are able to compile, use, and sell this information without restriction and without notice to consumers. This issue is well illustrated by the new "frequent buyer" programs now being implemented at some supermarkets. We will be taking a close look at this use of computers and scanners to maintain records about supermarket purchases. People spend about 20 percent of their disposable income in supermarkets. Now there is a prospect that there will be an individually identifiable record of each item you purchase. |