Privacy wrongs: corporations have more right to your data than you do - access to personal information

Washington Monthly, Nov, 1996 by James Rule, Lawrence Hunter

Beverly Dennis Is an Ohio grandmother and bona fide American consumer. Several years ago, she completed a questionnaire for the Metromail Corp., a direct marketing firm, in order to get free product samples. In her responses, she disclosed things like her income level, date of birth, the fact that she was divorced, her interest in physical fitness, and choice of "personal care" products, according to a lawsuit she is filing.

Dennis got more than free product samples. She got a "sexually graphic and threatening" letter from a convicted rapist in a Texas penitentiary. It turned out he knew quite a lot about Dennis, thanks to her questionnaire. He had written his highly personalized letter after being assigned the task of entering data from the questionnaire by a Metromail subcontractor. The use of inmates to answer 800-number calls, process consumer information, and even act as telemarketers, it seems, is widespread. "If it said [on the circular] it would be sent to a prison," Dennis later said in an interview, "I certainly wouldn't have filled it out."

Dennis is suing Metromail and the Texas criminal justice system for "outrageous disregard of public safety ... and dangerous invasion of privacy," among other things. It's hard not to feel that she has a point.

In fact, the manipulation of personal data that have been fed into the maw of the information society is, to cop an oft-used metaphor, like making sausage. If we really knew what was involved, we probably would want to have as little to do with the process as possible. The trouble is, we don't have that option. The relentless and systematic collection, compilation, and selling of personal information are built into the texture of everyday life. You may imagine that you can keep your distance from the vacuum-like data intakes by making shrewd choices about when, where, and to whom you disclose. But unless you're prepared to adopt a lifestyle like Theodore Kaczynski's, you're wrong.

Beverly Dennis, we trust, will bounce back from the nasty experience caused by the misappropriation of her data. But there's evidence that other types of misuse could be even more harmful.

With rising public anxiety about the victimization of children, for example, parents and other concerned adults are noticing how easy it is to get data that could be put to sinister use. To dramatize the point, a Los Angeles television reporter recently purchased from Metromail a list of 5,500 children, with their family names and addresses. Not to make the exercise too subtle, the reporter placed the order in the name of Richard Allen Davis, the man convicted for abducting, sexually assaulting, and murdering 12-year-old Polly Klaas.

It's hard to say precisely where these particular data originated. We do know that lists like this are compiled from such sources as the "birthday clubs" that retailers encourage parents to enroll their kids in, subscription lists for children's magazines, and toy store discount cards. What is almost certain is that whoever provided the information did not realize he or she was helping to feed a commercial data bank.

The most alarming uses of personal data often involve the least obtrusive forms of collection. Take getting a prescription filled. Increasingly, this involves feeding the patients' and physicians' names, along with other identifying data on the people and drugs involved, into a computer. Sometimes the acknowledged purpose of the data entry is to determine whether the charges are covered by insurance. In some places, laws require prescription data to be fed into government systems aimed at curbing prescription drug abuse. But whatever the ostensible purposes, people lose control over their information once it enters the data stream.

Often pharmacists sell information to "switchers"--operations that find buyers for such data. Some switchers, for example, collate information on users of specific drugs for sale to manufacturers of over-the-counter companion drugs. Then manufacturers direct advertising appeals to the targeted patients. Are these practices beneficial to patients? Conceivably, if the companion drug helps. Can they be dangerous? Quite possibly, for those who use the new medication without seeking medical advice from their own physicians.

But for most Americans, the issue here is probably not whether these practices are medically beneficial. It is that people whose data are appropriated in these ways have no say in what happens to their information. Indeed, it's not even legally theirs. Patients may have thought that their prescriptions were a matter between themselves and their pharmacists, but that idea is going the way of vinyl records. There is just too much demand for personal information, and there are too many sophisticated techniques for getting it.

Some may consider this the inevitable by-product of living in an information age. But these leaks can lead to authentic tragedies. John Doe, an AIDS sufferer, was a middle-level manager of the Southeastern Pennsylvania Transportation Authority (SEPTA). He had disclosed his condition only to his immediate superior at SEPTA, someone he trusted. But then other managers at the organization noted that Doe's charges on the employer-backed prescription plan were unusually high and had his account audited. The investigation showed that Doe had been getting prescriptions for Retrovir, an anti-AIDS drug.