WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1996 >> [1996] EPICAlert 11

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 3.11 [1996] EPICAlert 11


Volume 3.11 May 29, 1996

Published by the

Electronic Privacy Information Center

Washington, D.C.

Table of Contents

[1] Children's Privacy Bill Introduced

[2] Recent Problems in Direct Marketing Industry

[3] New Medical Privacy Bill Introduced

[4] Canadian NII Panel Calls for Privacy Law

[5] Supreme Court Rejects California Caller ID Case

[6] NRC to Release Crypto Report

[7] FTC To Examine Privacy Issues

[8] Upcoming Conferences and Events

[1] Children's Privacy Bill Introduced

On May 22, 1996, Representative Bob Franks (R-NJ) and Senator DianneFeinstein (D-CA) introduced the Children's Privacy Protection andParental Empowerment Act (HR 3508, S. not yet available). The billestablishes fair information practices for personal information aboutkids and is intended to curb recent abuses by the direct marketingindustry.

At a Capitol Hill press conference, Representative Franks said"commercial list companies are using that information to develop anelaborate data base on virtually every child in America. They'regathering children's complete names, ages, addresses and phone numbers
-- and often even their personal likes and dislikes."

As with other privacy laws in the United States, the CPPPEA focuses ona particular industry sector, in this case list brokers who collectand sell personal information on children. The Children's PrivacyProtection and Parental Empowerment Act would:

-- Prohibit the sale or purchase of personal information about children without parental consent;

-- Require list brokers and solicitors to disclose to parents,
upon request, the source and content of personal information on file about their children;

-- Require list brokers to disclose to parents, upon request, the names of persons or entities to whom they have distributed personal information on that parent's child;

-- Prohibit prisoners and convicted sex criminals from processing the personal information of children;

-- Prohibit any exchange of children's personal information that one has a reason to believe will be used to harm or abuse a child;

-- Preserve all common law privileges, and statutory and Constitutional privacy rights; and
-- Establish civil remedies and criminal penalties for violations of the Act.

More information about the CPPPEA is available at:

[2] Recent Problems in Direct Marketing Industry

The Children's Privacy bill grows out of reports on recent abuses inthe marketing industry. In one case, a news reporter for KCBS-TV inLos Angeles ordered a list of the names, addresses and phone numbersof 5,000 Los Angeles children from the nation's largest distributor oflists, Metromail. It placed the order in the name of Richard AllenDavis, the man currently on trial for kidnapping 12-year-old PollyKlaas from her Sausalito home and murdering her. After providing afake name, mailing address and a disconnected phone number, the listarrived the next day. The cost -- just $277, cash on delivery.

In another case, the direct marketing firm Metromail faces a classaction suit in Texas where the company used prison inmates to processpersonal data gathered from consumers. Beverly Dennis, a 47-year-oldOhio woman, received threatening and highly offensive telephone callsfrom a convicted sex offender. Dennis v. Metromail Corporation, TexasDistrict Court, No. 96-04451, April 18, 1996).

A report from the Center for Media Education also found that onedata-gathering company adds 67,000 children's names each week. Otherfirms sell segmented lists on grade school children and pre-schoolchildren.

Opinion polls also reveal strong public opposition to the unregulatedsale of personal data:

-- A 1991 Time/CNN poll found that 93% of American consumers believe "companies that sell information to others should be required by law to ask permission from individuals before making the information available;"

-- In the same poll, 90% said that "companies that collect and sell personal information should be prohibited by law from selling information about household income," and 68% said that companies "should be prohibited by law from selling information about product purchases."

It is not hard to guess what the poll numbers would say about the saleof data on children.

In a related matter, Ram Avrahami's case is scheduled to be heard by aVirginia judge on June 6. For more information on the case, see:

[3] New Medical Privacy Bill Introduced

On May 16, 1996, Rep. Jim McDermott (D-WA) introduced the "MedicalPrivacy in the Age of New Technology Act of 1996." The bill isdesigned to "ensure strong protections for the confidentiality ofpatient health care information and take into account the threats toprivacy created by emerging technologies and the computerization ofmedical records."

The new bill covers all types of medical information including geneticinformation. It requires informed consent before a patient's personalinformation can be transferred to any other party, except in verylimited circumstances. Patients would be allowed to examine andcorrect their records. Guidelines are set to ensure the security ofrecords. Unlike previously introduced legislation, S. 1360, under thenew bill states are not prevented from enacting stronger laws.

The bill was introduced after the House of Representatives approved abill providing for "administrative simplification" of medical records.
(See EPIC Alert 3.08, "House Passes Health Care Bill") and the Senatedebated S. 1360, introduced by Senator Bennett. The new bill providesfor a much higher level of privacy protection than either of those twomeasures.

The bill has been embraced by consumer groups such as the Coalitionfor Patient Rights, which describes it as the strongest medicalprivacy bill introduced to date. It was referred to the CommerceCommittee for review.

More information on the McDermott bill and medical privacy isavailable at:

[4] Canadian NII Panel Calls for Privacy Law

A report from the Canadian Information Highway Advisory Counsel (IHAC)
calls for the establishment of legal standards to protect privacy onthe information highway. The report, "Building the InformationSociety: Moving Canada into the 21st Century," states that "the rightto privacy must be recognized in law, especially in an electronicworld of private databases where it is all too easy to collect andexploit information about individual citizens."

The report follows a lengthy consultation process that began in 1994with the early policy development for the Canadian InformationInfrastructure (See EPIC Alert 1.07, "Canadian Gov't ReleasesDiscussion Paper on NII Privacy").

The IHAC recommends building on a standard developed by the CanadianStandards Association that has won praise from privacy advocates,
consumer groups, business and the health care industry. The CSA ModelCode is based on ten principles that could apply to all technologiesand types of businesses.

Canadian Privacy Commissioner Bruce Phillips commended the report andsaid that national standards would protect the privacy rights ofCanadians, give clear guidance to business, and promote commerce withtrading partners that have also established strong privacy safeguards.

The report of the Canadian Information Highway Advisory Counsel isavailable at:

The Office of the Privacy Commissioner of Canada has a web page at:

[5] Supreme Court Rejects California Caller ID Case

The Supreme Court has declined to review an appeals court ruling thatheld that lax FCC Caller ID privacy safeguards could preempt strongerstate protections. (See EPIC Alert 3.07, "California PUC FilesSupreme Court Appeal on Caller ID Decision"). But Pacific Bell andthe California Public Utility Commission both report that millions ofCalifornia telephone subscribers are taking matters into their ownhands, and selecting permanent call blocking for their lines.

According to Pacific Bell, at least three million customers haveselected the complete blocking option and that number is expected torise. California has the highest percentage of unlisted phonesubscribers in the country. (See EPIC Alert 3.05, "Calls Pour intoPacBell Over Caller ID").

It will be interesting to see if the blocking technology works aspromised. Several states encountered serious problems when Caller IDwas first introduced. (See EPIC Alert 2.04, "Caller ID PrivacyProtection Fails in Two More States", EPIC Alert 2.05, "Caller IDSnafus Continue: FCC Delays Implementation").

The FCC Caller ID rule is available at:

[6] NRC to Release Crypto Report

The long-awaited report of the National Research Council on encryptionpolicy is expected to be released tomorrow. "Cryptography's Role inSecuring the Information Society" will be released at a publicbriefing at the National Press Club, 14th and F Streets, N.W.,
Washington, D.C., at 1:00 pm, on Thursday, May 30. Committee memberswill respond to questions from attendees, and a limited number ofpre-publication copies of the report will be available at that time.

The committee also intends to conduct a second public briefing on thereport in Menlo Park, California at SRI International. The briefingwill be held in the Auditorium of the International Building from10:00 to 11:00 am on Wednesday, June 5. The address is 333Ravenswood Avenue, Menlo Park, California, 94025. For moreinformation about the briefing at SRI, contact Alice Galloway at415-859-2711.

EPIC commends the NRC for its efforts to make the report widelyavailable to the public. We hope the report will offer a newdirection for national cryptography policy.

More information about the NRC report is available at:

[7] FTC To Examine Privacy Issues

The Federal Trade Commission's Bureau of Consumer Protection will holda public workshop on Consumer Privacy on the Global InformationInfrastructure on June 4-5, 1996. Topics to be discussed include:

-- The Use of Consumer Information -- Electronic Regimes for Protecting Consumer Privacy Online -- Consumer and Business Education in Online Privacy Issues -- The Use of Medical and Financial Information Online -- The Impact of the European Commission's Council Directive on the Protection of Personal Data -- The Collection and Use of Information about Children
The workshop will be held on June 4, 1996, from 9:00 am to 5:00 pm(Room 432) and on June 5, 1996, from 9:00 am to 12:30 pm (Room 332),
at the Federal Trade Commission, Sixth Street and Pennsylvania Avenue,
N.W., Washington, DC 20580. Requests to participate in the workshopshould be mailed, on or before May 26, 1996, to Martha Landesberg.

EPIC wrote to the FTC in December 1995 and urged the Commission toinvestigate the misuse of personal data by the direct marketingindustry, particularly the sale of data about children. EPICrecommended that the FTC examine several issues including:

-- The collection and sale of personal data within the marketing industry and whether current trade practices violate federal or state law;

-- Whether the Mail Preference Service actually protects the privacy interests of consumers or whether there are there better and simpler methods for consumers to control personal data;

-- The sale of direct marketing lists to federal and state investigative agencies and whether these practices violate privacy rights and should be regulated or prohibited; and
-- Whether new technologies for anonymous and pseudo-anonymous payment schemes coupled with enforceable legal rights could help ensure the development of on-line commerce that promotes business opportunity and protects personal privacy.

The Federal Register Notice Announcing the Workshop Agenda isavailable at:

The complete EPIC letter to the FTC is available at:

[8] Upcoming Conferences and Events

Consumer Privacy on the Global Information Infrastructure. June 4-5,
1996. Washington, DC. The Federal Trade Commission's Bureau ofConsumer Protection. Contact Martha Landesberg (202) 326-2825

Privacy Issues Forum 1996. June 13, 1996. Privacy Commissioner of NewZealand. Christchurch, New Zealand. Email
Practicing Law Institute's 16th Annual Institute on Computer Law:
Understanding the Business and Legal Aspects of the Internet, June17-18, 1996, San Francisco. for info
or call 800/4770300.

Personal Information - Security, Engineering and Ethics. June 21-22 ,
1996. Isaac Newton Institute, Cambridge. Sponsored by CambridgeUniversity and British Medical Association. Paper submission due 10May 1996. Contact: Ross Anderson (

Australasian Conference on Information Security and Privacy. June24-26, 1996. New South Wales, Australia. Sponsored by AustralasianSociety for Electronic Security and University of Wollongong. Contact:
Jennifer Seberry (

The Internet: Transforming our Society Now. June 25-28, 1996. MontrealConvention Center, Montreal (Quebec), Canada. The Internet Society. Email:
Privacy Laws & Business 9th Annual Conference. July 1-3, 1996. St.
John's College, Cambridge, England. Contact: Ms. Gill Ehrlich +44 181423 1300 (tel), +44 181 423 4536 (fax).

DEF CON IV. July 26-28. Los Vegas, NV. Annual Hacker Convention.
Contact: or

Surveillance Expo 96. August 19-21. McLean, Virginia. Sponsored byRoss Associates. Contact: Marilyn Roseberry 703-450-2200.

Fifth International Information Warfare Conference, "Dominating theBattlefields of Business and War", September 5-6, 1996. Washington,
DC. Sponsored by Interpact, NCSA, OSS. Contact:
Advanced Surveillance Technologies II. Sponsored by EPIC and PrivacyInternational. September 16, 1996. Ottawa, Canada. Contact: or email

18th International Conference of Data Protection and PrivacyCommissioners. September 18-20, 1996. Ottawa, Canada. Sponsored bythe Privacy Commissioner of Canada
(Send calendar submissions to

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe, send email with the subject: "subscribe" (no quotes).

Back issues are available via

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 to focuspublic attention on emerging privacy issues relating to the NationalInformation Infrastructure, such as the Clipper Chip, the DigitalTelephony proposal, medical record privacy, and the sale of consumerdata. EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, email, HTTP:// orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks should
be made out to "The Fund for Constitutional Government" and sent to EPIC,
666 Pennsylvania Ave., SE, Suite 301, Washington DC 20003.

Your contributions will help support Freedom of Information Act and First
Amendment litigation, strong and effective advocacy for the right of
privacy and efforts to oppose government regulation of encryption and
funding of the National Wiretap Plan.

Thank you for your support.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback