Credit card marketers and other financial services firms may face new restrictions on their vast stores of customer data.
Government agencies, spurred by public uneasiness with the burgeoning market for data about individuals, are trying to spell out new rules governing what information companies may collect and how they may use it. Many businesses, especially credit card companies and credit reporting bureaus, fear the government will lay down harsh restrictions that stymie their operations. But officials insist the personal information business needs a healthy dose of supervision if customers are to trust the fledgling market for electronic commerce.
"The successful development of an information infrastructure requires enhanced privacy protection," Sally Katzen, the Office of Management and Budget's administrator of information and regulatory affairs, told the Direct Marketing Association on May 13.
One of the government's aims is preventing fraud. But the government also wants to give individuals more say in how honest businesses use personal data.
That worries many in the industry.
"We haven't come to agreement on what is the appropriate balance between privacy and commercial use," said Martin E. Abrams, vice president for information policy and privacy at Experian Inc., one of the country's three largest credit reporting services.
At the request of Congress, the Federal Trade Commission is studying whether companies operating customer data bases violate consumer privacy rights. The agency has scheduled a workshop on privacy in Washington for June 10 to June 13.
Visa U.S.A. and Mastercard International have asked the government to limit current initiatives to crime prevention, rather than adding rules that could prevent legitimate businesses from reaching new customers.
But American firms may have to accept some new restrictions to keep their lead in global markets. In October 1998, members of the European Union will crack down on countries with inadequate privacy laws. Current U.S. laws are looser than those in Europe, so companies here could face restrictions on the use of data about their overseas customers.
OMB and other agencies added some heat to the debate in late April when they made public a draft of plans to tackle the problem.
According to the report, government officials are considering three options: improving self-regulation by industry, creation of an advisory commission on privacy, or establishing a federal agency to supervise privacy protection.
Although Ms. Katzen admitted that a new federal bureau is unlikely, she said industry could expect more government involvement, such as enhanced authority for the FTC. Comments on the plan are due June 27.
To limit the government's role, industry must be willing to police itself better. "If you tell us self-regulation can work, you need to tell us how," Ms. Katzen said. For instance, marketers must spell out how customer complaints should be handled and how violators should be penalized.
If regulators and the industry don't come to agreement, tougher laws may come from Congress. Sen. Dianne Feinstein, D-Calif., has introduced legislation that would prevent data base marketers from using Social Security numbers.
Although the legislation is meant to prevent fraud, Mr. Abrams complained it also would strip legitimate data base marketers of their most-used piece of information. "This would have a catastrophic effect on the financial services industry."