The following text is copyright 2005 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.

 

Another point solution in a broad problem space

 

By Scott Bradner

 

On June 1st part 682 of title 16 of the US Code of Federal Regulations went into effect. These rules concern the disposal of consumer report information and records.   In and of themselves these are useful rules but they eloquently demonstrate the inability of lawmakers to craft general solutions to general problems.

 

The disposal rules (http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=0d3fe072f4cc775835c2e91fd5559b18;rgn=div5;view=text;node=16%3A1.0.1.6.69;idno=16;cc=ecfr) require that anyone who has a consumer report about someone properly dispose of the paper or electronic records when done with them.  This means "burning, pulverizing or shredding of papers" and the "destruction or erasure of electronic media."  The term "consumer report" used in the disposal rules is defined in the Fair Credit Reporting Act (http://www.ftc.gov/os/statutes/fcra.htm) and means "any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living" to be used to determine credit or for employment background checks.

 

The disposal rules are part of the Fair and Accurate Transaction Act of 2003 (http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_bills&docid=f:h2622enr.txt.pdf) 

 

This 61 page Act covers a lot of good stuff including your right to get free copies of your credit reports, the right to add a fraud alert in your record at the credit reporting agencies (to prevent credit being extended to you without your specific OK), truncating credit card and Social Security numbers on printed materials, and your rights when trying to correct information held by the credit reporting companies.  It also spends a lot of pages trying to preempt ways that the credit reporting industry might try to get around obeying the law.

 

What the Fair Credit Reporting Act and the Fair and Accurate Transaction Act lack are any overarching principals.  Such a principal might be that an individual can opt out of having any credit report like information shared about themselves (unless the distribution is in conjunction with a legally constituted law enforcement or terrorism investigation).  If I'm not trying to get additional credit cards or loans I should be able to just say "no."  Instead the laws focus on particular details, missing many that will have to be patched later.

 

For example, the disposal rules only apply to "consumer information" which means "any record about an individual ... that is a credit report or is derived from a credit report" and ignores any requirement to properly dispose of other information that a business may hold about individuals.  It would have been easy for Congress to stop the definition of consumer information after "record about an individual" -- but that would have been far too pro-consumer.

 

disclaimer: I do not know if Harvard's Kennedy School of Government has classes on when to stop, but its far from sure that politicians are likely to listen even if it does.  In any case the above lament is my own.