Managing Information Technology

Chapter 15 • Social, Ethical, and Legal Issues 583

this information with affiliated companies or companies
that the financial institution has employed to
provide certain services, or with credit reporting
agencies, or as part of the sale of a business.

The requirement that the customer “opt out” to obtain
this limited privacy protection is a significant concern.
Because the ability to sell this information has substantial
value, the financial institution has the motivation to reduce
the likelihood that the opt-out option will be exercised. So
the required privacy notice might be long, written so only a
lawyer can understand it, printed in small type, and included
in the envelope with the customer’s bill along with several
advertising inserts. It takes a dedicated person to take the
time and effort to read through and understand the notice, to
figure out how to opt out, and to follow the required procedure.
From the standpoint of the consumer, an “opt-in”
policy would be much preferred, for it would force the companies
to explain clearly what would be shared, with whom,
and how the information would be used in order to persuade
the customer to agree to the sharing.

Judging by their laws, many European countries
seem to value privacy more highly than the United States
does. According to Grupe, Kuechler, and Sweeney (2003),
the U.S. position on privacy can be characterized as:



  • unprotective of data about individuals collected by
    businesses and government

  • an unrestricted flow of data among companies

  • a market-driven view of people as consumers under
    which data are seen as a saleable, usable commodity
    that belongs to the corporations

  • reliant on self-regulation by companies to respect an
    individual’s privacy

  • regulated by specific pieces of legislation (i.e., by
    sector) that relate to particular aspects of privacy, but
    not to privacy generally


In contrast, the European position can be characterized as:



  • protective of personal rights with respect to data
    about individuals

  • restrictive regarding the flow of personal data out of
    the country of origin, except to other countries
    honoring certain privacy principles

  • having a view of the people as citizens who are in
    control of their personal data

  • regulated by general laws, principles, procedures,
    and standards adopted to oversee the collection of
    data by governmental agencies established for this
    purpose


The preceding differences in approach have led to
conflict. In 1998, the European Union issued a directive
that requires that countries allow transborder personal data
transfers only to countries that adhere to standards
substantially equivalent to those of the European Union. That
does not include the United States, which threatened to
interrupt European operations of U.S. companies. After
some intense negotiations, an accommodation has been
worked out that allows U.S. companies to continue to
transfer data back to the United States if they certify that
they adhere to agreed-to “safe harbor” standards that are
roughly equivalent to those that the GLBA requires for
financial institutions.

The PATRIOT Act, passed by Congress soon after
the terrorist attacks of September 11, 2001, with the purpose
of protecting Americans against terrorism, significantly
weakened Americans’ constitutional protection
against unreasonable search and seizure by allowing the
FBI to force anyone—including doctors, libraries, bookstores,
universities, and Internet service providers
(ISPs)—to turn over records on their clients or customers
by simply telling a judge that the request is
related to an ongoing terrorism or foreign intelligence
investigation. Some sections of the PATRIOT Act had
sunset provisions that were due to expire, so in 2005
Congress reauthorized the act. At this time a number of
changes were made, some of which strengthened the
powers of the government and others that provided more
judicial oversight of the most controversial provisions,
including the section forcing doctors and libraries to turn
over records as mentioned previously.

Identity Theft


Identity theft is a particularly detestable invasion of
privacy. According to the Federal Trade Commission
(FTC), identity theft is “someone appropriating your personal
information without your knowledge to commit
fraud or theft.” An identity thief uses information about
you, such as your name, address, social security number,
credit card number, and/or other identifying information to
impersonate you and obtain loans or purchase items using
your credit. When the thief does not make the required
payments, it is reported to credit bureaus, and your credit
rating could be ruined. Furthermore, the thief’s creditors
might hound you to repay the debts that have been run up
in your name. Trying to clean up the mess the thief created
can take a lot of time and effort and exact an emotional toll
(see the box entitled “Identity Theft Nightmare”).

Technically, identity theft might not be solely a computer
crime, for the identity information about you might be
obtained by stealing your wallet or bills out of your mailbox,
by obtaining your credit card number from a credit card
receipt, by “dumpster diving” to find discarded paper records,