Date: Wed, Sep 13, 2000 11:52 PM
It seems clear that no amount of self regulation will ever come close to accomplishing the amount of privacy protection individuals require. This privacy is in direct conflict with the profit making motive of the institution in possession of the information. Thus, only if penalties apply will a citizen have any meaningful degree of privacy.
Having civil or criminal penalties per se, however, punishes the financial institution without necessarily helping the individual whose privacy has been breached. More useful, I think, would be laws holding the breaching institution liable to the individual for any and all damages that may accrue. In this way, release of information by a bank that leads to more junk mail for a consumer would be allowed. On the other hand, losses due to identity theft or misuse of a fraudulently obtained credit card would be fully compensated to the individual on the grounds that the financial institution was negligent in releasing the information for use by unauthorized individuals.
Related to this I have for some time felt that those who make major financial commitments (obtaining a mortgage loan or credit card) should at least have the option to be fingerprinted or identified by some other biometric means (retina, voice etc as they become standardized). In this way, it would be much easier to determine if the user of a credit card has been properly identified.
Martin G. Rosenblatt, MD