Ask the Scholar

Document scope · 1 page
doc
Scholar
Ask about this object, its catalog metadata, its source description, or the page inventory. For page-specific OCR and visual context, open one of the page chats.

Scholar Source Context

Document identity
localId
55033920
label
Social Security
core
doc
dtoType
document
pageCount
1
Source metadata
Source extras
naId
55033920
levelOfDescription
fileUnit
otherTitles
42-t-7367475-20150274S-031-024-2017
recordType
description
ocrSource
nara-archive
Single page context
seq
1
pageIndex
0
type
document
mediaId
0ed5cfe5a87949f7
ocrText
07/07/98 21:19 DOMESTIC POLICY Acldsha July 31st PONS THE WHITE HOUSE event WASHINGTON vlvions w July 7, 1998 MEMORANDUM FOR NEC/DPC DEPUTIES Social Security FROM: Sally Katzen, Tom Kalil RE: July 8th Deputies meeting on privacy Attached is a paper on a set of policy options to address privacy issues that has been prepared by the NEC/DPC Working Group on Privacy. This package is designed to: Address "cross-cutting" issues that affect a range of privacy concerns (privacy entity, privacy online, dialogue with state and local government, and public education); Target sectors or users that are particularly sensitive (children, medical records, financial records, profiling, identity theft, social security numbers); Address both "offline" and "online" privacy; Encourage self-regulation where possible and identify the need for legislation where necessary; and Maintain a balanced approach that recognizes the values associated with the free flow of information and with giving individuals greater control over their personally identifiable information. We would like to use the meeting tomorrow to determine where we have consensus and whre there may be areas of disagreement. It is our intent to schedule a Principals meeting on privacy as soon as possible. Summary of policy options Cross-cutting 1. Privacy entity: Designate a White House policy council or OMB to increase coordination on privacy issues. 2. Online privacy: Continue to press for industry self-regulation - with the option for a legislative solution if self-regulation proves to be inadequate. Blank: What is The problems? 07/07/98 21:19 DOMESTIC POLICY 02/016 Distribution Rebecca Blank, CEA Randy Lutter, CEA Becky Burr, DOC Dawn Friedkin, DOC Barbara Wellbery, DOC Abel Lopez, DOE Scott Charney, DOJ Mark Eckenwiler, DOJ Roslyn Mazer, DOJ Miriam Miller, DOL Linda Duggan, DOS Peggy Grafeld, DOS Nancy McFadden, DOT Greg Chang, DPC Tom Freedman, DPC Mary Smith, DPC Peter Wathen-Dunn, ED Mark Day, EPA Ariadne Goerke, EPA David Medine, FTC John Fanning, HHS Wendy Liffers, HHS Jennette Smtih, HUD Maya Bernstein, OMB David Beier, OVP Jim Kohlenberger, OVP Beverly Linden, SBA Greg Baer, TRS Michael Moynihan, TRS Amold Bresnick, USDA Anne Reed, USDA Donald Abelson, USTR Jonathan McHale, USTR 07/07/98 21:20 DOMESTIC POLICY 3. Privacy dialogue with state and local governments: Initiate a "privacy dialogue" with state and local governments about the privacy of personal information collected by governments. Discussion could include: state privacy laws, use of Social Security numbers, impact of new technology on definition of "public records." 4. Public education: Work with the private sector and non-profits to develop an advertising campaign to inform individuals about how to exercise choice with respect to the collection and dissemination of their personally identifiable information. Areas of particular sensitivity 1. Information about children: Call for legislation that would specify a set of fair information principles applicable to the collection of data from children (e.g. no collection of data from children under 13 without prior parental consent). 2. Medical records: Call for legislation on privacy of medical records consistent with HHS report. 3. Financial records: Call for amendments to Fair Credit Reporting Act to limit the "affiliate sharing exception." Businesses could share consumer information for marketing purposes, but not for business decisions. For example, consumer information provided to an insurance affiliate could not be used to deny a person a loan without FCRA protection. - Authorize the Fed to write enforceable rules on inter-affiliate information sharing. Determine whether Justice and FTC have adequate jurisdiction and penalties to punish theft of personal financial information. 4. Profiling: Call for legislation that would give the FTC the authority to require "profilers" to comply with a set of fair information practices. Profilers are in the business of compiling and distributing electronic dossiers on individually identifiable consumers. 5. Identity theft Endorse Kyl bill on identity theft, provided it addresses concerns of Treasury and Justice. 6. Social Security Numbers: Conduct a study that looks backward to discern "lessons learned" from social security experience and looks forward to avoid the same result with respect to new identification technologies (e.g. biometrics). 2 DOMESTIC POLICY 04/016 07/07/98 21:20 10:38 FROM: ID. PAGE 2/1 MEMORANDUM TO: Sally Katzen FROM: Andrew Pincus DATE: July 7, 1998 RE: Privacy - - Legislative and Other Options This memorandum outlines a series of Administration proposals for enhancing privacy protection by acting in the following areas: Creation of a Federal Privacy Entity Medical Records Profiling On-line Information About Children Government Information Credit Reporting Financial Industry Identity Theft Theft of Personal Information Public Education Social Security Numbers Commercial Marketing DOMESTIC POLICY 07/07/98 21:20 15:38 FROM: ID: PAGE 3/1 BR where CREATION OF A FEDERAL PRIVACY ENTITY withing New technologies have made it easier to create, manipulate, store, transmit, and link digital (located personally identifiable information. Many Americans believe that they have lost all control over how personal information about them is circulated and used by companies. We can expect that -OIRA RA these issues will become more important and prominent with the advent of new technologies ans such as the Internet, electronic commerce, and data mining. Privacy concerns often, however, have to be accommodated with competing values - such as fows prevention of crime, prosecution of criminals, cracking down on "deadbeat parents," free expression, an investigatory press, and the economic and commercial benefits that come from the on goit free flow of information 1350us Attempting to centralize privacy policy development within the Administration would not make any sense. Inevitably, many agencies will have to deal with some aspect of privacy policy -- Education on student records, HHS on medical records, Transportation on Intelligent Transportation Systems, etc. There is, however, an increased need for coordination across agency lines, precisely because privacy is a cross-cutting issue. This would be particularly helpful in the following four areas: Representational - Better explain and promote the Administration's privacy policy domestically and internationally. Currently, the United States is not represented in many important international fora on privacy. not Consumer Information - Increase public awareness of privacy issues and the rights and responsibilities of consumers, industry, and government. Use the "bully pulpit" to encourage best practices and criticize bad actors. Advisory - Provide/coordinate advice on privacy policy questions to government agencies and the private sector. Coordination - Ensure that agencies are addressing emerging privacy issues, and ensure greater consistency of Administration positions and policies. Option The Administration could create a Federal privacy entity located in the Executive Office of the President. There are advantages and disadvantages to putting it in OMB, making it a new White House office, or putting it under one of the existing White House policy councils. Since shaping privacy policy requires accommodating different interests, it would be better if it were located in 2 DOMESTIC 21:21 . 07/07/98 15:39 ID, PAGE 4/1 FROM: an office that had other responsibilities. Having an office that saw itself exclusively as a "privacy advocate" would be counter-productive. The entity should have a small staff - since the intent is to have it play a coordinating role as opposed to an operational role. HEALTH INFORMATION nambre was Cautibut The confidentiality of health information is a matter of widespread national concern, and the protection of this information has been a priority of the Administration. On September 11, 1997, Secretary of Health and Human Services Donna Shalala recommended that Congress enact Federal legislation to protect the confidentiality of health information by imposing duties on those who hold such information and providing rights to the subjects of the information She proposed that the Federal law provide a floor of protection, and that States be permitted to, in addition, provide stronger protections. Under the recommended legislation, health care providers, those who pay for health care, and those who get information from those entities would have to permit patients to see their own records, to keep records of disclosures and let patients know who has seen their records, and to permit patients to file proposals for correction of erroneous records. All entities collecting or maintaining information would have to advise patients clearly of their confidentiality practices and of the patients' rights. Disclosures would be limited to those authorized by the patient, or those specifically permitted in the legislation, including disclosures for important public purposes, such as treatment and payment, research, public health, oversight of the health care system, and use in law enforcement or other legal proceedings if permitted by other law. There would be strict limitations on further disclosure in many of these instances. Within an organization, information could be used only for purposes reasonably related to the purposes for which it was gathered, and all disclosures would have to be limited to the minimum necessary to accomplish the purpose of the disclosure. Entities receiving information pursuant to patient authorization would have to give patients a statement of their intended use of the information, and would be civilly liable for uses in violation of that statement. There would be civil and criminal sanctions for violations, such as improper disclosure and obtaining information under false pretenses. Congress is now considering the recommendations. 3 DOMESTIC 07/07/98 21:21 JUL-07-98 15.38 FROM: ID: PAGE 5/17 A FTC authoriting PROFILING IRA wold cord Commercial "profilers" build dossiers about individuals by aggregating information from a corps variety of database sources, including public and non-public records. Individual reference services, sometimes called look-up services, represent a sub-set of the profiling industry. These services provide information that assists users in identifying individuals, locating individuals, and verifying identities. Best Practices Model - Individual Reference Services Group your On December 17, 1997, a group of 14 Individual Reference Services (the Individual Reference Services Group, IRSG) entered into an agreement on privacy practices with the Federal Trade Commission. The IRSG program is based on compliance with certain principles, including notice, disclosure, choice, security, and public education. IRSG members agreed to Rich acquire personal information only from reputable sources, to take reasonable steps to assure that data collected is accurate, complete and timely for the purpose for which it will be used, to correct non-public records when appropriate, and to limit distribution of non-public information to subscribers with appropriate intended uses. The IRSG committed to implement a rigorous enforcement compliance method. The Spenhed layage enforcement program has two prongs. First, signatories' practices are subject to review by a "reasonably qualified independent professional service." On the basis of established criteria, that entity determines whether a signatory is in compliance with IRSG principles. The results of the annual review are made public. Second, signatories who are information suppliers may not sell information to look-up services that do not comply with the IRSG principles. The IRSG members agreed to provide individuals with access to information contained in services and products that specifically identify them, unless the information comes from a public record, in which case the companies will provide the individuals with guidance on how they can obtain the information from the original source. FTC staff strongly disagreed with the access provisions of the IRSG practices, and the Commission and IRSG agreed to allow 18 months before revisiting the access issue. On the basis of the IRSG program and the commitment to review access issues, the FTC advised the Congress that legislation on individual reference services was premature. Legislative Option The Administration could embrace the IRSG approach and apply it more broadly by supporting legislation giving the FTC authority under Section 5 of the FTC Act to require those in the business of compiling and distributing (or re-using for marketing purposes) electronic dossiers on individually identifiable consumers to comply with a specified set of fair information practices. The grant of authority to the FTC could include a "safe harbor" provision -- profilers 4 DOMESTIC 07/07/98 21:22 JUL-07-98 15:38 FROM: ID: PAGE 6/1 who belong to a self-regulatory organization operating in accordance with practices approved by the FTC would be presumed to be in compliance with the Federal Trade Commission Act. ON-LINE INFORMATION ABOUT CHILDREN The solicitation of information from children presents a unique problem. Unlike adults, children generally lack the ability to provide legally binding consent and may not be cognitively capable of understanding the consequences of giving out personally identifiable information online. Many companies presently collect information from children for a variety of reasons - to contact a child to verify that they may have won a prize, to monitor children in chat rooms, for statistical purposes or for direct marketing purposes. On June 4,1998, the Federal Trade Commission released a report to Congress, Privacy Online, which surveyed 1,400 Web sites. Eighty-nine percent of children's sites surveyed collect personal information from children. Although 54% of children's sites provide some form of disclosure of their information practices, the Commission found that few sites take any steps to provide for meaningful parental involvement in the process. They found that only 23% of sites even direct children to seek parental permission before providing personal information Only 7% of the sites said they would notify parents of their information practices, and less than 10% provide for parental control over the collection and/or use of information from children. The Commission recommended that Congress adopt legislation protecting children's privacy online. Best Practices Model Online Privacy Alliance On June 22, 1998 the Online Privacy Alliance issued specific guidelines for the protection of children's' privacy online. Alliance members that operate sites directed at children under 13 have agreed (1) not to collect online contact information from a child under 13 without prior parental consent or direct parental notification of the nature and intended use of this information, including an option for the parent to prevent the use of the information and participation in the activity; (2) to assure that information collected will only be used to directly respond to the child's request and will not be used to recontact the child for other purposes without prior parental consent; (3) not to collect individually identifiable offline contact information from children under 13 without prior parental consent; (4) not to distribute to third parties any personally identifiable information collected from a child under 13 without prior parental consent; (5) not to give children under 13 the ability to post or otherwise distribute individually identifiable contact information without prior parental consent- sites directed to children under 13 must take best efforts to prohibit a child from posting contact information; and (6) not to entice a child under 13 by the prospect of a special game, prize or other activity, to divulge more information than is needed to participate in that activity. 5 DOMESTIC POLICY 07/07/98 21:22 PAGE Legislative Option The Administration has endorsed the FTC call for legislation with respect to children's' privacy online. The Administration could call for legislation that would specify a set of fair information practices applicable to the collection of data from children and give the FTC authority to promulgate rules based on such standards. The grant of authority to the FTC could include a safe harbor provision - data collectors who belong to a self regulatory organization operating in accordance with practices approved by the FTC for the collection of data from children would be presumed to be in compliance with the Federal Trade Commission Act. RELEASE OF GOVERNMENT INFORMATION States Public records are a rich store of personal information. Federal, state and local governments require individuals to provide various types of information and are usually required to make such Jove records available for public inspection. Public records include, but are not limited to real property records, marriage and divorce records, birth and death certificates, driving records, problem driver's licences, vehicle titles and registrations, civil and criminal court records, parole records, postal service change-of-address records, voter registration records, bankruptcy and lien records, bad incorporation records, worker's compensation claims, political contributions records, firearm actois permits, occupational and recreational licenses, filings pursuant to the Uniform Commercial Code and filings with the Securities and Exchange Commission. These public records contain extensive and detailed information (e.g., race, gender, Social Security numbers, addresses, dates of birth, marriage, and divorce.) Social Security numbers, for example, are available from the records kept by dozens of government entities, such as motor vehicle bureaus - many driver's license records make the individual's SSN, as well as their name, address, height, weight, eye color, gender, and date of birth available in one place. Dates of birth may be available from birth certificate and voter registration records, and land records typically include dates of sales, prices, size of mortgage amounts, and the property address and description, as well as the seller's and purchaser's names. The U.S. Privacy Act, 5 U.S.C. Section 552a (1988) protects individuals from non- consensual government disclosure of confidential information The Memorandum for Heads of Executive Departments and Agencies, signed by the President on May 14, 1998, directs agency heads to take specific action to assure that use of new information technologies sustain privacy protections provided by applicable statutes and that the information is handled in full compliance with the Privacy Act While the U.S. Privacy Act restricts the disclosure of personal information collected and maintained by the Federal government, many States do not have analogous privacy laws. Not only is the protection of information collected and maintained by State governments governed by an uneven patchwork of laws, but State freedom of information and public record laws, enacted 6 07/07/98 21:23 DOMESTIC JUL-07-98 15:40 FROM: ID. PAGE 8/1' before powerful information technology made collection and dissemination of information easy and efficient, allow many States to sell personal information. Issues around the collection, sharing and sale of personal information gathered by States are complicated by requirements under Federal law that States collect and provide certain information to the Federal government. These laws include transfer of information for tax purposes, to locate parents delinquent in their child support payments, and to determine food stamp and welfare eligibility. Any effort to restrict State collection and sharing of personal information will raise significant federalism questions. For example, two states have successfully challenged the Drivers Privacy Protection Act on federalism grounds. The Administration has already begun to address the issue of sharing of data by Federal agencies with State, local, and tribal governments in the President's Memorandum to Heads of Executive Departments and Agencies, signed on May 14, 1998. Option JAN D work Madrend The Administration could create a Federal-State Task Force to initiate a "privacy dialogue" to analyze the privacy of personal information collected by governments. The dialogue could include a study of the State laws that require the collection of personal information and the Federal laws that require States to collect personal information and consider the desirability of: 1. State enactment of laws similar to the Privacy Act. 2. Extension of the Privacy Act protections to Social Security numbers collected by State governments. 3. Re-evaluation of the meaning of "public records" in light of new technology. 4. A requirement that States redact Social Security numbers and other personally identifiable information from documents before they are placed in the public domain. 5. An Executive Memorandum to public schools reiterating obligations imposed by the Family Educational Rights and Privacy Act of 1974 under which public schools that accept federal funds are prohibited from disclosing a student's Social Security number and personal information without the student's request. 6. An Executive Memorandum to State attorneys general reiterating obligations imposed by §7 of the Privacy Act with regard to the protections afforded the collection of Social Security numbers and the requisite notice requirements. 7 DOMESTIC POLICY 07/07/98 21:23 CREDIT REPORTING The Fair Credit Reporting Act (FCRA) governs activities of agencies that furnish credit reports to third parties. The FCRA defines a credit reporting agency as a person or entity that regularly assembles or evaluates consumer credit information or other information on consumer for the purpose of furnishing consumer reports to third parties to be used as a factor in establishing the consumer's eligibility for credits, insurance, employment purposes, etc. Companies that share consumer information with their affiliates are not subject to the controls of the FCRA. Based on the above definitions, these companies are not considered "credit reporting agencies" because they are not providing the reports to a third party, but rather to themselves. Additionally, the information shared is not considered a "credit report" becaus: the information is not compiled by a "credit reporting agency." The FCRA, moreover, specifically excludes affiliate sharing from the definition of "credit report." The exclusion of affiliate sharing from the credit report definition and further regulation by the FCRA was debated during the 1996 Amendments to the FCRA. The FTC strongly argued that consumer information shared by affiliates should be subject to the protections of the FCRA. The banking industry argued the opposite. The banking industry won; the FCRA specifically excludes the information shared by affiliates from the definition of consumer report. The recent increase in cross-industry corporate mergers raise important privacy concerns with regard to the treatment of consumer information shared by affiliated companies. Such mergers may allow detailed and sometimes sensitive information about consumers, including medical and financial data, to be shared among newly related companies with relatively few restrictions. In the case of the recent merger of Citicorp and Travelers, for example, consumers might not anticipate that providing information for insurance underwriting purposes to one entity might later be used by the financial institution that is or becomes an affiliate. Legislative Options a. The Administration could call for legislation repealing the FCRA provisions that exempt affiliate sharing from the protections of the FCRA. Given the intensity of the debate on this issue during the negotiations over the 1996 Amendments and the banking industry's current opposition to this issue, this proposal may be extremely difficult to effectuate The FTC would probably, however, support repeal of the affiliate sharing exemption. b. The Administration could support amendments to the FCRA to limit the affiliate sharing exception for marketing purposes only and expand the protections of the FCRA to cover **) consumer information shared with affiliates when making business decisions. For example, businesses could share consumer information among affiliates in connection with a marketing campaign, but consumer information provided for insurance underwriting purposes to one entity could not be used by another entity to deny a person a loan without the protections of the FCRA 8 07/07/98 21:24 +++ DOMESTIC POLICY 012/010 JUL-07-98 15:41 FROM, ID. PAGE 10/17 implicated. This proposal may appease the banking industry, which uses the information mainly for marketing purposes, while still protecting the consumers. The FTC probably would support such action. Study Option As more databases are available directly to companies, and companies themselves share information directly, there is some concern that the FCRA may become outdated and obsolete. Companies, for example, will no longer purchase credit reports from a central bureau, but rather will obtain information directly from the individual sources and created their own internal credit reports. In the absence of traditional credit reporting agencies, the protections of the FCRA would evaporate. The Administration could undertake a study to determine whether the FCRA contains the protections needed in the electronic age. FINANCIAL INDUSTRY On June 12, 1998, the Acting Comptroller of the Currency announced that she directed the Office of the Comptroller of the Currency's (OCC) Privacy Working group to develop guidance for national banks addressing a number of consumer privacy issues, including web site disclosures of bank privacy policies, sharing of consumer information, customer information security and the problem of identity theft Sharing of Confidential Information with Third Parties (e.g. Direct Marketers) Financial services firms represent that they do not generally share confidential customer information with third parties (except service providers). Privacy advocates have not contradicted this assertion. Financial firms have three primary reasons for retaining this information: (1) the most likely purchasers of such information are the firm's competitors; (2) financial firms fear that their customers would react badly if they learned that their information was being sold; and (3) sale of such information is generally prohibited by State common law (i.e., the financial institution, acting as the agent of the customer, owes the customer a fiduciary duty and is prohibited from misusing information obtained from the customer in connection with the agency). The NASD-R recently proposed a new confidentiality rule for securities firms. In the area of direct marketing by the financial institution itself, the FCRA requires that customers of financial institutions be allowed to opt out of receiving pre-approved offers of credit cards or other credit. NASD and the FTC rules restrict the ability of securities brokers to cold call customers by, among other things, requiring the maintenance of "do-not-call" lists. 9 DOMESTIC POLICY 013/010 07/07/98 21:25 JUL-07-98 15:41 FROM: ID. PAGE 11/11 Option Conduct a study to determine exactly what the financial services industry's practices are in this area. Sharing of Information with Affiliated Companies Each of the nations' largest 25 banks has a securities affiliate, and banks of all sizes sell insurance Affiliate information sharing already includes not only sharing of information for marketing purposes (e.g., a credit card bank soliciting an affiliate broker-dealer's best customers for a new platinum card) but also for security purposes (e.g., tracking a credit card holder's spending patterns in order to detect immediately any unusual activity that might indicate fraud or theft) and increasingly for risk-management purposes (e.g., a customer's record of payment on a credit card apparently is quite useful in determining whether that customer is a good risk for auto insurance). Such practices can be expected to continue, as the lines between various types of financial services firms continue to blur and the firms continue to merge. Under the 1996 Amendments to the FCRA, customers have an explicit right to opt out of affiliate information sharing of personal information other than "experience" or "transactional" information (which may be shared not only with affiliates but also third parties). For example, a customer can prevent personal information contained in an account application from being shared. As a result, customers can generally avoid use of their confidential information for marketing purposes but not for fraud prevention or risk management purposes. This limited right was also brokered as part of the 1996 Amendments to the FCRA. The FCRA also contains an odd provision prohibiting the banking agencies from examining for compliance with the Act; rather, they must await a complaint or other indication of trouble. The banking regulatory agencies also are prevented from issuing regulations under the Act, but the Federal Reserve may promulgate "interpretative" opinions in consultation with the other agencies. These provisions were included in 1996 because of banking industry concerns about regulatory burden, as part of the delicate compromise that moved the bill forward. The Fed expects to issue an interpretation sometime this summer which likely would clarify what information can be shared with affiliates and how specific opt out notices should be. Options a Authorize the Fed, in consultation with the other banking agencies, to write enforceable rules in this area. Alternatively, give this authority to each of the agencies, to be exercised jointly. 10 DOMESTIC POLICY 014/016 07/07/98 21:25 JUL-07-98 15:42 FROM: ID: PAGE 12/17 b. Consider eliminating the restriction on examinations. We may wish to talk to privacy groups next week to see whether this step, which would certainly anger the banking industry, would achieve greater protection for consumers. Note: Consultations with those on the Hill should precede any action in this area, as they may not wish to revisit the compromise that it took them years to reach in 1996. Study Option The Administration could review whether the regulatory review process for mergers should include a consumer protection analysis. For example, in addition to Justice Department review of a proposed commercial merger, the regulating agency could review the proposed merger to determine whether the merger negatively affects consumers' privacy. On-Line Disclosures TannaDea Large banks generally have adopted the privacy principles promulgated by the banking trade groups and have posted these or similar privacy policies on their web sites, while smaller banks lesdals have been slower to do so. The Comptroller of the Currency has announced that it will consider promulgating voluntary guidelines for national banks to use in constructing web sites, and the FDIC's E-banking Task Force is surveying web sites of FDIC-insured institutions to confirm, based on a larger survey group, whether the results of the FTC survey accurately reflects the practices of the nation's Carv smaller state banks. Main Treasury met with each of the federal banking agencies (OCC, FDIC, Fed, and OTS) to discuss parallel action in the privacy area by all regulators. Each banking agency has accorded a high priority to the privacy issue and is looking at possible areas for strengthening regulatory practices and encouraging improved policies and procedures by regulated institutions. The banking agencies agreed to coordinate informally their previously independent efforts at establishing guidelines and examiner guidance with respect to banking industry on-line privacy disclosures. Option The Administration could officially encourage continued consultative efforts, while recommending more formal coordination efforts. 11 +++ DOMESTIC POLICY 015/016 07/07/98 21:26 JUL-07-98 15:42 FROM: ID: PAGE 13/17 IDENTITY THEFT The term "identity theft" generally refers to the fraudulent use of another person's identity to facilitate the commission of a crime, such as credit card fraud To commit identity fraud, a criminal gathers information about a person and then uses the information to adopt the identity of a victim. Under existing law, identity theft offenses are punished to the extent that they include identification documents (i.e., forged or stolen documents) and an intent to defraud the United States. Yet existing law does not reach identity theft that makes use of other means of identification, such as a social security number or a mother's maiden name. For this reason, it would be helpful to change the law to recognize the potential harm that could be done by offenders who commit identity theft with means of identification, and to address other problems that have emerged as a result of a dramatic increase in cases of identity theft At the same time, legislation to criminalize identity theft must be carefully crafted to avoid problems that could arise from the federalization of a large new class of crimes. Senator Kyl is in the process of marking up S. 512, the Identity Theft and Assumption Deterrence Act of 1997. After raising initial technical concerns about this bill, Departments of Treasury and Justice have worked to provide amendments (to be considered during markup) that would address any outstanding concerns. Legislative Options a The Administration could endorse the Kyl bill and work with him toward passage, provided that the reported version adequately address concerns of the Treasury and Justice Departments. b. Merchants require check-writers to provide proper identification, which often includes a driver's license or other identification card with a social security number. Usually a merchant will record the identifying number onto the check to provide proof of the verification activity. This simple action can create a ream of problems. As a result of this activity, a person's check, which contains a person's name, address, and bank account number, now also contains the individual's social security number. By linking these pieces of personal information together on a single check a merchant has made this customer an even better target for identity theft The Administration could seek legislation that makes it illegal to record social security numbers on a check that is being approved for a purchase. This would mirror a law that was passed several years ago that prohibited the recording of a credit card number onto a check when the credit card was used as a piece of identification Such legislation would neither make it 12 +++ DOMESTIC PULICY 07/07/98 21:26 15:43 FROM: ID: PAGE 14/17 illegal for a merchant to ask for the identification, nor indicate that such a check occurred. The law would merely prohibit writing the actual social security number on the check. Note, however, that modern "telecheck" technology permits merchants to ensure that a personal check is good without a Social Security number. THEFT OF PERSONAL INFORMATION In this case, which is the mirror image of identity theft, the offender obtains information illegally but then uses it for a legal purpose - e.g., pretends to be a customer in order to trick confidential information out of a bank, and then sells that information to a private investigator, perhaps in a divorce case. Chairman Leach has publicized this problem and is strongly committed to correcting it. His staff, however, is having a difficult time trying to do so. They have apparently abandoned imposing greater restrictions on bank security or greater criminal penalties on those who obtain the information. We had suggested that they speak to the FTC about whether civil enforcement was a possibility. Recommendation The Administration could explore whether the FTC and DOJ have adequate jurisdiction or penalties to punish those who obtain information by fraudulent means. Note: There may be a problem of unclean hands here, as law enforcement is a primary consumer of this information. PUBLIC EDUCATION The U.S. approach to privacy focuses on choice - individuals should have the choice to protect or disclose most personal information. Many Americans are unaware of how their personal information is used, and they do not understand how to protect themselves or exercise their ability to choose. Likewise, many businesses are unaware of consumer concerns about privacy and have not thought through their information handling practices in light of this concern. The Administration could identify private sector partners to develop an advertising campaign to inform individuals about how to exercise choice with respect to the collection and dissemination of their personally identifiable information. Such a campaign could include all advertising mediums - radio, television, print, and electronic. 13 (Devine - foo 225 SON EW, Social security trugible Drugs Joban - 120 will 700 will. /hring Some Policy and Planning Projects For the State Union SOTU TOPIC ANAA2 202 Involve health NW Tranhies $75 will I 0 Roemer Electronic university -teacher - delivery Relgious Freedom - (on servative - biology Schoil - demographics - Cullege purce 1, . tody Native American Initiative REGO (hallage a) tohncco legislation challege DOJ Debt collection - new trust fund Public/private partners aloowl 5) enrolly kids c) lonsual bell of 13. Internet/media responsibility V 1) gratic mm Pagers for DV WTW new goals - ellow car d) improve mediumine y - new lig. on froot/abise VAWA II - Miore rolated promium. e for FY '99 -trentment - Hate Crimes e) Lm. two 1.11 EEOC reform (civil rights gen'll) +7 revel Native American education Food Safety ($24 m.) breast \ Classant cwice I An Ains elei. withing : food- HACCP AJ 0 internet spann. 1400 number Victus 4595th WTW religini freend jussaich. Sheller DOS debt full furth cirdit N. Am. Initiate Print-ort Clinh GEITC - 06205 56109 7 FMLA Br/n- - One sivke great OIZOD Carlin S 57200 7 (- 1213 200 2 N Newscast: Social Security announces lowest cost DOCUMENT 13 OF 18 NTLN9729000009 Br Newscast: Social Security announces lowest cost of living allowance * in a decade, raising concerns over Americans' retirement future 508 Words 3370 Characters * 10/16/97 NBC Nightly News NBC News Burrelle's Information Services (Copyright (c) 1997 NBC News. All rights reserved.) TOM BROKAW, anchor (Seattle): These are prosperous times in the state of Washington and across America, maybe the most prosperous ever, but tonight there are some stark warnings about that time almost everyone looks forward to, * retirement. It is going to be very expensive, and the current safety nets simply cannot keep pace. All of this came out today when the Social Security Administration had some jarring news for senior citizens: their Social Security cost of living increases will amount to peanuts this year, just 2.1 percent. That's a lowest in a * decade. More on the retirement crunch from NBC's Lisa Myers tonight. LISA MYERS reporting: When photographer Constance Brown looks through her viewfinder at * retirement, she doesn't like what she sees. Ms. CONSTANCE BROWN: As a freelancer and as a child of the '60s, * I didn't join up with a company that had a retirement plan. I didn't think about it at all. MYERS: Now at age 50 she's confronting the harsh reality that she hasn't saved nearly enough. Ms. BROWN: I think that I'll be working well into my 70s supporting myself. * MYERS: Today a new study by bankers and retirement groups finds that Brown may have lots of company. Americans are saving more, and * are more confident of a comfortable retirement, but in many cases that is a false confidence. About 20 percent of workers in their 50s have saved less than $10,000. Despite concerns about Social Security, 30 percent of Americans still have saved nothing at all, and only 15 percent have done any serious planning. Unidentified Man: The bulk of Americans are prepared to just sort of retire. And then sort of roll the dice afterwards, and to me that's quite shocking. Source: NBC Nightly News, October 16, 1997 Copyright © 1997 Dow Jones & Company, Inc. All Rights Reserved. Page 1 N MYERS: How much you will need to retire depends on what age you retire, lifestyle, health, and gender. Because women usually live longer, they need to save more than men. Financial planners say that whatever amount you think you need, is probably way too low. Man: Generally speaking they don't anticipate what inflation is going to do, and they don't give themselves enough time. They need to be saving generally two times as much as they're putting away * today to meet their retirement goals. MYERS: The real numbers are downright scary. If you're a middle income couple, 55 years old, planning to retire at 65, experts estimate you'll need to save an astonishing $1.5 million to maintain your current lifestyle. A 40-year-old middle income couple needs $2.5 million. A 25-year-old couple, $2.6 million. Ms. BROWN: Every young woman that helps me here in this studio and that I get to know, I grab them by the shoulders and I shake them and I say, at 25, even if it's $100, stick it in an IRA. MYERS: And Brown warns that's just if you want to get by. Baby boomers dreaming of living out their golden years in luxury better think again. You'll need more than $7 million. Lisa Myers, NBC News, Washington. Program Time: 6:30-7:00 PM Nielson Rating 13097620 Reference: 971016 I0607 * End of document. Source: NBC Nightly News, October 16, 1997 Copyright © 1997 Dow Jones & Company, Inc. All Rights Reserved. Page 2 N Newscast: Social Security announces lowest cost DOCUMENT 13 OF 18 NTLN9729000009 Br Newscast: Social Security announces lowest cost of living allowance * in a decade, raising concerns over Americans' retirement future 508 Words 3370 Characters * 10/16/97 NBC Nightly News NBC News Burrelle's Information Services (Copyright (c) 1997 NBC News. All rights reserved.) TOM BROKAW, anchor (Seattle): These are prosperous times in the state of Washington and across America, maybe the most prosperous ever, but tonight there are some stark warnings about that time almost everyone looks forward to, * retirement. It is going to be very expensive, and the current safety nets simply cannot keep pace. All of this came out today when the Social Security Administration had some jarring news for senior citizens: their Social Security cost of living increases will amount to peanuts this year, just 2.1 percent. That's a lowest in a * decade. More on the retirement crunch from NBC's Lisa Myers tonight. LISA MYERS reporting: When photographer Constance Brown looks through her viewfinder at * retirement, she doesn't like what she sees. Ms. CONSTANCE BROWN: As a freelancer and as a child of the '60s, * I didn't join up with a company that had a retirement plan. I didn't think about it at all. MYERS: Now at age 50 she's confronting the harsh reality that she hasn't saved nearly enough. Ms. BROWN: I think that I'll be working well into my 70s supporting myself. * MYERS: Today a new study by bankers and retirement groups finds that Brown may have lots of company. Americans are saving more, and * are more confident of a comfortable retirement, but in many cases that is a false confidence. About 20 percent of workers in their 50s have saved less than $10,000. Despite concerns about Social Security, 30 percent of Americans still have saved nothing at all, and only 15 percent have done any serious planning. Unidentified Man: The bulk of Americans are prepared to just sort of retire. And then sort of roll the dice afterwards, and to me that's quite shocking. Source: NBC Nightly News, October 16, 1997 Copyright © 1997 Dow Jones & Company, Inc. All Rights Reserved. Page 1 N MYERS: How much you will need to retire depends on what age you retire, lifestyle, health, and gender. Because women usually live longer, they need to save more than men. Financial planners say that whatever amount you think you need, is probably way too low. Man: Generally speaking they don't anticipate what inflation is going to do, and they don't give themselves enough time. They need to be saving generally two times as much as they're putting away * today to meet their retirement goals. MYERS: The real numbers are downright scary. If you're a middle income couple, 55 years old, planning to retire at 65, experts estimate you'll need to save an astonishing $1.5 million to maintain your current lifestyle. A 40-year-old middle income couple needs $2.5 million. A 25-year-old couple, $2.6 million. Ms. BROWN: Every young woman that helps me here in this studio and that I get to know, I grab them by the shoulders and I shake them and I say, at 25, even if it's $100, stick it in an IRA. MYERS: And Brown warns that's just if you want to get by. Baby boomers dreaming of living out their golden years in luxury better think again. You'll need more than $7 million. Lisa Myers, NBC News, Washington. Program Time: 6:30-7:00 PM Nielson Rating 13097620 Reference: 971016 I0607 * End of document. Source: NBC Nightly News, October 16, 1997 Copyright © 1997 Dow Jones & Company, Inc. All Rights Reserved. Page 2