A government task force has issued a set of principles on data privacy, and some of what the panel wrote might crimp lenders' style.
The principles are intended to provide guidance to the public and private sectors on collecting and using personal information.
"The Principles for Providing and Using Personal Information" and an associated commentary were published in the Federal Register on May 25, and are open for public comment until next Monday.
The principles are the first work of the Working Group on Privacy of the interagency Information Infrastructure Task Force, which reports to Commerce Secretary Ron Brown.
The principles and commentary are meant to help legislators, regulators, and companies develop codes of practice.
Overall, said Martin E. Abrams, director of privacy and consumer policy for TRW Information Systems and Services, "the principles are pretty good."
Also, lenders should be pleased that instead of telling them "what you shouldn't do," the government issued a set of general principles, Mr. Abrams said.
However, two ideas in the commentary challenge the way lenders conduct their businesses, Mr. Abrams said.
A Phrase with Implications
One is the assertion that because consumers cannot ensure that personal information about them is being used fairly, they could be unaware of "adverse actions" against them.
For example, "a company may decide not to include an individual in a mass mailing offer regarding a financial opportunity because an analysis of that individual's credit history suggests the individual is a bad credit risk," the task force wrote.
Though the task force does not suggest an end to mass mailing, it does maintain that "it is particularly important to ensure that data users use personal information in acceptable ways."
The panel is apparently alluding to people's being excluded from solicitations on the basis faulty information in credit reports, Mr. Abrams said.
But Robert R. Belair, editor of Privacy and American Business, said it is not clear what the task force wants leaders to do to correct the problem.
Of more concern, however, said Mr. Abrams, is that the use of the term "adverse action" would trigger rights under the Fair Credit Reporting Act.
He said the task force may remove the expression from its final version, which will incorporate comments from the public.
Those likely to comment include Citicorp and other banks, the Direct Marketers Association, the Information Industry Association, and credit reporting companies.
In the other passage that worries Mr. Abrams, the commentary questions a widely accepted practice: the use of predictive models -- which, for example, assess risk and profitability.
"It is simply inappropriate to collect volumes of personal information because it may, in the future, prove to be of some unanticipated value," the task force wrote. "Moreover, once collected personal information should only be used for those current or planned activities, or other compatible purposes."
Predictive models that use information provided by consumers as well as data collected by lenders on the basis of consumer behavior are commonly used for marketing and for controlling risk.
But the task force wrote that tracking information about individuals without a defined purpose is an invasion of privacy.
The real issue, said Mr. Abrams, is, "not that you collected [the information], but how you use it."