Connecticut Governor Seeks to Protect Personal Data Online

Technical Writing Geek alerts us to a report that Connecticut governor Jodi Rell has begun to develop legislation to create an "opt-out" registry to prevent the distribution of personal information on the internet. The registry would be analogous to the "Do Not Call" list. This comes after Rell received many complaints about the availability of personal data from directory assistance sites such as WhitePages and 411.com. While Rell understands that the "sites are breaking no law by gathering and disseminating this information," the legislation will add to the work she has done to re-evaluate the disposition of private data. Where do we draw the line between free speech and privacy in the information age? From the Journal Inquirer: "'Privacy concerns are constantly evolving,' Rell said. 'We must not only keep up with them but do our best to stay ahead of the curve.' Rell said she will ask state agencies to review private information about residents that the state collects, manages, and distributes."

Re:Publish personal details of all company board

[QuantumG]

Ummm.. if you can get it then how is it private information? Assuming, of course, that you are a member of the public and haven't broken any laws to obtain the information. That would seem to be the definition of public knowledge.

clueless

[Power_Pentode]

Once that opt-out list is complete, how much do you think spammers and scammers will pay for it? Oh, wait -- you're going to give access to anyone running a directory or investigative website? What could possibly go wrong?

Hmmmm

[edittard]

The registry would be analogous to the "Do Not Call" list.

In the sense that it, too, will be a totally ineffective waste of time?

Interesting

[Bootarn]

In Sweden we have laws against publishing personal information of citizens. To publish even the equivalent of the social security number you must have the consent of the citizen in question. Unfortunately within license agreements the paragraph covering consent of publishing of personal information is buried deep within the text.

Re:Publish personal details of all company board

[MightyYar]

It is not hard to find any of the information that you are asking about. Any public corporation will have SEC data about all of its officers.

Take 411.com. Scroll to the bottom and see that it is run by Whitepages.com, Inc. They have an "about us" page with a leadership section. On that page are all the names you need to get started. Let's start with the top: Alex Algard, Founder and CEO. Searching for him on 411.com yields:

Algard, Alexander & Susie K
1005 5th Ave W
Seattle, WA 98119-3613

3 blocks from their main offices... so, yeah, that's him. Hard, huh?

CEOs not only have less privacy than us already, they have more people looking for them.

Re:Publish personal details of all company board

[Sandbags]

I do believe the idea here is "how did they get it?" Your name and phone number may be published in phone books from the phone company to which you subscribe, but you can easily enough opt out (become unlisted) and then that information is no longer publically accessible. Your e-mail address, employer, physical address, and more should not be part of public record. Sure, that information may be contained in legal and tax documents held by your local, state, or federal govt offices, but when requesting (legally) copies of documents that do not reference YOU directly, then the office of gov't providing you the copies is supposed to blank out (with heavy, permanant black marker or other obscuring technique) any personal data.

So how are they coming aboiut your information "legally?" This is where the state of CT actually has some power. It may not be in their power to make it illegal for you to have that data from public records, or even to publish it, but they can make it illegal to have any gov't office provide it to a 3rd party, and they can allow you to do this through an opt out list, or simply make it the default policy. They can also require the companies traficking in personal information to list how and when they acquired your data (and individually which peices of it) upon request, make it illegal to resel lists on which people have not opted IN to being included, and more.

Here's an example where I have issue: I'm selling a house. Any person can request from a city office to tell them how much I paid for that house. In the market where I'm selling my home, this clearly indicates that I greatly underpaid for my home 2 years ago vs the current market value, and that I will be making a substantial profit selling it. This is regardless of it's real appriased value with is still even higher. If I go to buy a used car, I can "ASK" to know how much the dealer paid for it, but I can't legally acquire that information independetly. Nor can I do so for the shiny new HDTV I want from a local electronics store. How is it legal for people, or real estate companies, to get this information from the city office on a simple request? If I had bought the house for more money, or if I had bought it this year instead of last year, the value I paid on paper would be higher, and I would not be haggling over such a drastic price difference. Am I not allowed to take advantage of a lucky deal and make money? The buyer can even determine how much I owe on the mortgage on the property by following a paper trail and having a realtor make a credit inquiry. This should not be legal. This is PRIVATE information. Were it legal to do this in all forms of sales, the margins on products acress the board would collapse and the US market would go into an instant depression and the dollar would fall to all-time low values.

While I'm talking about mortgages, how is it that the value of my mortgage is so readily available to hundreds of companies offering me credit cards, home loans, refinance, cash advances and more. How is my personal credit report open in such a way, but even I have to PAY to see a copy!?!? ...and there's no way for me to secure my credit information (though I can prevent new accounts being created, I can't stop them from pulling my report at will).

How much I pay in taxes, what kind of car I drive, where I live, my numbers and e-mails, all of this is important and private information. IT SHUOLD BE ILLEGAL TO GET THIS UNLESS I SPECIFICALLY OPT-IN TO ALLOW YOU TO COLECT IT, and then you can't resel that information unless I specifically opt-in to allow you to sell it. the opt-in process should not legally be allowed to be a byline in some contract either, or some hidden or automatic option, but should be legally required to be a seperate complete document that must be individually agreed to and signing it can NEVER be made a condition of any contract, service, or sale of any kind.

What about the data of 600 students in CT

[tenaciousdRules]

When I worked at the CT Department of Education, I lobbyed desperately for a centralized, secure data repository for student data. The analysts would constantly send student lists on disks via snail(or by a "secure" zip file), print paper lists of student data and take them offsite, and even put copies of this data on their personal computers to take home. I was passionate about keeping the demographic data of Connecticuts students secure and grew frustrated with the roadblocks.
We even got a Federal Grant with Governor Rell's help to contract out the project (we in no way had the resources to build it). As far as I can tell, the data are still in a SQL 2005 database, replicated multiple times, with access given to multiple undocumented users.
No business rules are in place other than the 1 overworked DBA there granting "read only" to anyone who requests it. There is a team there working very hard to make the data secure, but they are small and unsupported. Perhaps Madam Rell's efforts would be better directed at her own IT infrastructure...

Re:Publish personal details of all company board

[Sandbags]

Why should my taxes be of public(ally accessibly) record? Sure, there needs to be a back tracable record for auditing purposes, tax income to SSN and what not, but why should an individual outside of a government or 3rd party auditing firm have any access to that information? The general public needs to know the total taxes collected, and how that divides up by taxe type, code, and region, but not down the the detail of which individual paid (or owes) how much. This information has no interest or value on an individual to individual basis except to be abused by marketers to target me for products or services. If I offer this information by opting into an advertising matrix then they can have it. If I have no interest in credit cards I don't want to get 8 mailers a week offering me one. This is called selective initiated target advertising, and if people comply and list themselves for specific products then companies can save billions in falsly targeted mailings and the information I want to keep private can remain private.

The government needs to know how much to bill me for taxes, and wether or not i have paid it, sure. I can see where companies that issue credit or loans need to be aware of your credit rating and wether or not you have outstanding tax or other collections against you, but that information should be kept between you, the government, and the company you authorized to use that information for a specific purpose, it should not be out there for everyone to peruse! They shuold not be able to simply look that stuff up at will, but shuold be required, like when switching phone companies, to get 3rd party real time authorization.

If i want to switch from my local phone company's long distance plan to AT&T, I not only have to get on the line with AT&T, but they have to get a 3rd party on the line to confirm 1) i am who I say I am and 2) to confirm I authorized the change. Only then can AT&T file the paperwork to switch me. Some company offering me credit should have to do the same: 1) contact me in some way, or get me to contact them, 2) get my approval, with a 3rd party firm on the line at the same time to access my credit detail history, then and only then 3) access my detailed credit report. Prior to this point, all they should be able to get is my beacon score, debt to income ratio, and last year's income figures, and only if they already have my name and address and if I have not opted out of allowing them that information. They should have no knowledge of any collections against me, loan balances, number of credit cards, or anything else. If they want to offer me services, all they need is to know if I qualify in general. If I want their services, then can perform a full qualification, but only with 3rd party approval. They should not be given information outside of what qualifies or declines me (the fact that I have 6 credit cards with a total balance of $2000, $300 available is important, and wether or not I'm making payments on time, but who those cards are with is irrelevent) How much I PAID for my house has no bearing on what I'm selling it for, only what it's appraised for (to a potential buyer) and my loan balance (to another lender) has any bearing there. Maybe how long I've owned it... Even that information should be by individual request only and not published in some freely available list. Consumers should not be able to get a detailed list of what each house on my street sold for and when, but should only be able to get estimates or averages, or price ranges in 25, 50, 100, or 250K (based on total price). For example, if I bought my house for 182K, all anyone should be able to know is in 2006 when that happened, i paid between 150K and 200K for it, they should not see my exact closing price.

If every company offering or merketing a service, loan, credit, or porduct had to get my permission before accessing my personal information, and confirm that permission with a 3rd party auditing firm, then identity theft would be MUCH harder to pull off.