IN SCHOOL THEY taught us that legislators went to the halls of government to draft, according to the will of the people, the laws that structure our government. If our elected officials fell short of the goal in this, we-the-people had the ballot initiative, a tool by which we might administer a clarifying kick in the ass to a sluggish and unfocused legislative body.
What does it say about Olympia when the state's best hopes for consumer-protecting privacy legislation are ballot initiatives—one, in fact, put forth by a state representative?
Brian Sullivan, a Tacoma Democrat, watched bill after bill jam up in House and Senate committees this year, many of them ceremoniously stomped to death by lobbyists for the insurance and financial industries—"a perfect example of why we need campaign finance reform," as he puts it.
Sullivan's ballot measure, currently enrolled as Initiative 730, focuses on financial institutions, banks, insurance agencies—anyone who'll handle your money. It includes a laundry list of personal information that such firms must have your explicit (opt-in) permission to sell to other firms. Such information includes Social Security numbers, bank balances, PIN numbers, genetic data, and credit card info. It includes your phone number but not your name and address, on the theory that most of us find junk mail less intrusive than telemarketers.
I-730, the People's Financial Privacy Act, is more pro-consumer than the current crop of bills in Olympia in that it designates such a wide range of information as opt-in material. Even the best bills still struggling through the legislature attempt to separate "personal" from "sensitive" information, requiring explicit permission only for the sensitive kind. (Smart readers know a divide-and-conquer strategy when they see it, so finding PIN numbers in the "sensitive" category while financial transactions and purchasing history reside in the "personal" category of amended Senate Bill 6315 is a good sign that financial-industry lobbyists are trying to scare you: "You won't mind if we buy and sell your run-of-the-mill personal information, as long as we protect this SENSITIVE information.") Sullivan argues that most reasonable people are likely to feel that their personal information is plenty sensitive, thanks.
I-730 is tightly focused—it barely touches, for instance, medical privacy issues. But subtlety only gets you so far, as the choirgirl said to the bishop, or as Tim Eyman said to the Washington electorate. In this post-I-695 age, one tends to think big when one thinks of initiatives. Enter JR Baker, an actual citizen (a Bainbridge Island public relations consultant, to be specific) who two weeks ago laid a $5 bill on the counter ("quite a thrill," he smiles) and filed a sweeping ballot measure preventing companies—not only the financial folks but anyone with access—from buying and selling personal information without permission. Baker's initiative covers all info hereafter gathered, from cookies to biometrics to cell-phone tracking to video surveillance in public areas.
It was DoubleClick that pushed Baker over the edge—although, as he points out, DoubleClick is hardly alone in gathering and correlating online and offline information on individuals who might not be aware they're being spied upon. His initiative, tentatively known as the Consumer Privacy Protection Act, regulates the use and sale of information online and off. It's sweeping rather than specific; instead of a laundry list of items that may and may not be freely bought and sold, it covers a variety of situations in which private information is transferred—the privacy landscape in miniature, and a pretty picture it ain't. (After one read it's likely to have your I'm-mad-as-hell-and-I-can't-take-it-anymore vote, even if there are details to be worked out about what's most maddening and how you intend not to take it, so to speak.)
Like Sullivan (whose proposal he is familiar with), Baker points to lobbyists swooping down on Olympia legislators as a major roadblock to getting privacy bills passed with more teeth than teeth marks. Baker sees a need to guide businesses in permission-type marketing, telling consumers up front how information will be used and exactly how much is needed. He's also aware that in the absence of laws, companies are far more likely to sell consumer information and take their chances of a slap on the wrist, pointing to a New York case in which Chase Manhattan Bank violated their own privacy statements by selling personal information on customers. When the state of New York found and proved the transgression, they were chagrined to discover that there was no legal remedy on the books for such behavior. The state was reduced to collecting a piddling $101,500—the cost of their investigation, and a drop in the bucket compared to Chase's revenues on selling data about 22 million card holders (not to mention commission from the marketing firms that bought the data).
Baker's initiative, as I write this, has no official number yet. Both measures now have until July 7 to collect the 179,248 signatures necessary to appear on the November ballot. Expect to see both of these worthy items coming soon to a clipboard near you.