NY AG Wants Do Not Identity Theft Law

from the here-come-the-legislators dept

New York’s Attorney General (and gubernatorial candidate) Eliot Spitzer seems to show up wherever there’s an issue that’s getting a lot of press. He took on Wall Street companies, spammers and insurance scammers among many others. So, is it really any surprise that he’s now decided to take on identity theft? Of course, there already are laws against identity theft and fraud. While they could be made better, it’s not clear that’s what’s happening here. In fact, one of the proposed laws speaks directly to all of those recent data leaks from ChoicePoint, LexisNexis and others. It would create a “Do Not Share” list that people could sign up for, forbidding any of these companies to share your data. While this might sound good on its face, it seems to be based on the idea that there really isn’t a good reason for companies to ever share your data — which isn’t quite true. Many of the conveniences we have these days is because of the data that’s available. Granted, in plenty of cases it may have gone too far, and these companies have done a dreadful job — but a full stop “do not share” list (which many people would quickly sign up for without realizing the impact) could greatly inconvenience many people. A much more reasonable solution isn’t to ban all sharing of information, but to give people more control and visibility into (1) what information companies have about them and (2) how it’s being used. That way, individuals can work to prevent the misuses, while still getting the benefits.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NY AG Wants Do Not Identity Theft Law”

Subscribe: RSS Leave a comment
Precision Blogger (user link) says:

In fact, federal legislation is needed

Companies are now writing “eulas” that strip away all your rights and give them the right to load software on your computer forever, share your data with anyone, etc.

We need some basic federal guidelines about what constitutes reasonable data sharing, without and even with permission. And we definitely need legislation limiting what a EULA can do.

Originally, EULAs were a vehicle for limiting company liability. Now they are a vehicle for getting you to sign a contract without reading it.

– The Precision Blogger

Oliver Wendell Jones (profile) says:

Kind of like Credit Reporting laws

The way the laws are now, you have a legal right to review your credit history report and report any discrepancies.

Although getting the credit reporting agencies to actually follow through on your complaints is about as much fun as a root canal, you can push the issue hard enough and get something resolved.

With these information brokers, we have no way of knowing what information is stored about us, how much of it is wrong, etc.

One time, a long time ago when I was young and foolish, I got a dept. store credit card and had them add a second card in my girlfriend’s name. Then I started getting phone calls at home asking for her – then others asking for my spouse. When I explained that I’m not married, they said “Oh, our records show you have a wife named Catherine”.

I still get calls like that and it’s been almost 20 years!

Grady says:

*I* want a

Mike, you are all wrong here. I don’t want the “conveniences” you tout if my privacy is what it costs me to enjoy them.
You start out talking about a list that I can put my name on if I choose to, to stop the flow of junk mail if I choose to, to reduce my exposure to ID theft if I choose to, to prevent someone from profiting on my credentials if I choose to. Sense a theme here? Your argument falls completely flat when you make the logical leap *from* calling a list on which I can voluntarily place my name *to* stating that we shouldn’t really “ban all sharing of information”. An Opt-In policy is not a ban. It is simply an assurance that my identity is mine to do with as *I* please and not a property that can be marketed by someone without my express permission. Nobody should have the right to subvert that basic a right.
You condescend when you assert that people are too stupid to know best what to do with their own personal information. Heavens — how destitute my life would be if I didn’t have daily offers in the mail for pre-approved credit cards and an inbox full of emails offering me cheap prescription drugs, fountain-of-youth pills, and a larger p_nis. How would I survive without such “conveniences”?
The ONLY good reason for companies to ever share my data would be if I make the determination about who gets it, and for what purpose. I’ll do without any services whose providers require that I give over ownership of my identity without my prior knowledge.

Mike (profile) says:

Re: *I* want a

Heh. I didn’t expect this to be a popular viewpoint, but there are so many things that are possible today that you ENJOY because this data gets shared.

So, absolutely YES, the system needs to be changed to give users more control over it. But completely opting-out doesn’t just do damage to individuals but the ease of capital flow throughout our economy. It would cripple our economy to have a complete opt-out list like this.

You would find it almost impossible to get a credit card, mortgage or loan. However, if that’s what you want…

eskayp says:

No Subject Given

I can live with the inconvenience (to the info sharing parasites) in order to maintain my personal privacy.
What should have been mandated as ‘opt-in’ from the beginning was transmogrified into ‘opt-out’
in a sad bevy of state legislatures across the nation.
All it took was large corporate political donations and some collegiate/consultant shills to declare an open season on private and personal data.
Ask the people who have had their data stolen in some of the recent database cracks
whether they would feel inconvenienced by mandating privacy for their personal data.
One wonders why some of those data aggregators are not held legally liable for failure to provide adequate security.
Once again fiduciary accountability is a mirage.

doodadman says:

No Subject Given

Some of the information sharing is done in order to process or complete transactions.

The simple approach, then, would be to have the list law specifically prohibit any and all exchange of personal information that is not absolutely necessary to the completion of a transaction specifically authorized by the consumer, or any use of such information for any purposes other than the specific transaction for which it was exchanged.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...