The debate over who controls information about the consumer is at a crossroads.

Despite much industry glad-handing about the wonders of the information age, experts at a recent American Bankers Association forum agreed that consumers' rights to privacy are at risk.

But the panelists at the ABA's bank card conference in Orlando remained divided about the degree of regulation necessary, whether it should take the form of self-policing or be left to the government, and how much privacy consumers are entitled to.

"Consumer choice is critical," said David Medine, a Federal Trade Commission attorney. There is "a window of opportunity for the industry to fashion rules. At this stage it is more prudent for the government to educate itself about the issues, to monitor developments, and to allow self-regulation to work."

Representatives from MasterCard, Visa, and financial institutions said regulation was best left in private hands. They saw government intervention as premature and stifling of competition.

Charlotte Rush, senior vice president for global communications at MasterCard International, said, "There is no risk-free environment for the consumer," and so far there was no "critical mass of harm being done."

Mary Dobbs, president of USA Value Exchange, a First Data Solutions unit in Palo Alto, Calif., said consumers can simply "opt out" of having personal information shared. She said the best entities to protect the consumer are those that "own the relationship."

"The information that the government has is more harmful than the information that business has," she said. "Consumers can use the pocketbook to regulate business."

Some lawyers, watchdog groups, and government officials are tentative about regulation, seeking to balance the need for privacy with the benefits of competition in areas where consumer information is valuable to businesses.

There is only "limited federal legislation" about consumer privacy, and that mostly has to do with credit reports, said Anita Boomstein, partner in the New York law firm Hughes Hubbard & Reed.

From the recently enacted Savings Association Insurance Fund bill, Congress dropped a provision that would have allowed credit bureaus to sell financial information without consumers' consent. But other provisions supported by financial marketers were passed.

Ms. Boomstein said the worst possible scenario would be if states legislated on an "ad hoc basis with no consistency."

"It would be very, very hard for a company that wants to act responsibly to figure out what it has to comply with."

Mr. Medine said many businesses with consumer marketing data were in the habit of examining "your mouse droppings," information gathered by credit card companies from sales done on credit cards.

He pointed to an improvement in the Fair Credit Reporting Act last week specifying that prescreened credit card offers must disclose that information has been obtained from a credit bureau.

Evan Hendricks, editor and publisher of Privacy Times in Washington and an advocate of national privacy protections, called for more government control.

As an example of growing threats to privacy, he cited a recent incident involving the Lexis-Nexis data base. The company was accused in September of selling Social Security numbers, names, and addresses from its P-Trak computer file to anyone willing to pay for the information with a credit card.

"Today's choice for privacy is not respected," he said. "We don't want industry to step in and say, 'this is our privacy policy.' While some (policies) are good, others are terrible."

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.