Financial Privacy & Security News

Sacramento, California--California’s consumers are “Still in the Dark” when it comes to who has access to their personal information according to a privacy report released today by the California Public Interest Research Group (CALPIRG).

“This holiday shopping season millions of consumers surrendered their personal information to retailers across the country with no idea how or with whom that information is shared” said Pedro Morillas, CALPIRG Consumer Advocate. “Fortunately there is light at the end of the tunnel. California already has some good policies regarding this issue. A few additions to the existing policies will give consumers the tools they need to safeguard their personal information.”

According to the Office of Privacy Protection, in 2006 there were eight million victims of identity theft in the U.S. One million of those people were from California.  

Currently, consumers are empowered to contact companies with which they have done business and request an accounting of their information-sharing practices. Once a company has received such a request, it must do one of two things:   

-  Reveal the companies with which they have shared customers’ personal infor¬mation for marketing purposes within the previous calendar year, OR

-  Provide an opportunity for customers to opt out of information sharing at no charge (in which case the company is not required to tell customers what other businesses have received their information).

We asked members of CALPIRG to take part in a survey to determine how businesses respond to questions about how they share their customers’ personal information. The survey was designed to provide a “consumer’s eye” view of com¬panies’ responses to requests for privacy information.

Unfortunately, more than one-third of consumers reported receiving no response at all to their request for information .  Instead, many companies responded with:

-  Responses requiring more time and effort from the consumer (such as writing to another letter to a different branch of the company).

-  Automated responses having nothing to do with the customer’s information sharing requests.

-  A failure to respond to the request at all (which a company may only do if they do not share a customer’s information). 

While the current law is a good first step towards educating consumers about how their information is shared, these problems the report uncovered indicate that more needs to be done.  

CALPIRG is recommending that California policymakers require:

-  Companies that do business with California consumers to respond to privacy requests, regardless of whether they share information with third parties.

-  Companies to both disclose the personal information shared, and the third parties with which it is shared, and provide consumers with an opportunity to opt out of future sharing.

-  Companies to place a box on their Web sites’ privacy pages allowing consumers to opt out of information sharing.

-  Companies to get an affirmative “opt-in” from consumers before sharing their information with third parties, as opposed to the current practice of requiring consumers to opt out in order to protect their privacy.

“Consumers’ information is their own” said Morillas. “They have a right protect it and to know who is profiting off of it.”