Editorial: Selling out on privacy

Friday, March 24, 2006 | 7:16 a.m.

Keeping personal information private and out of the hands of salespeople or identity thieves is becoming increasingly difficult, whether dealing with public agencies or private companies.

On Thursday the Government Accountability Office released a report that says the Health and Human Services Department is not taking adequate measures to protect the medical and financial information gathered from Americans enrolled in the Medicare and Medicaid programs.

Earlier this month dozens of companies, including such financial institutions as Wells Fargo, Bank of America, Washington Mutual and Citibank, sent replacement debit cards to customers because computer hacks had stolen hundreds of thousands of personal identification numbers (PINs).

And in April the Internal Revenue Service will conduct a hearing on its proposal to expand the market to which tax preparation firms can sell personal information gleaned from the clients for whom they prepare returns. Tax preparers have always been allowed to sell such information - including copies of entire tax returns - as long as clients provided written permission.

Currently, only firms affiliated with the tax preparation company may buy the information. The IRS proposal would allow such information to be sold to anyone who asks. Critics correctly fear that consumers, who sign stacks of forms when having their taxes prepared, may neglect to read the consent form before signing it. And, if the proposed change is approved, that information could be sold anywhere - even overseas. Consumer advocates advise that people should carefully read every document a tax preparer places before them and also insist on signing for debit purchases, rather than entering a PIN.

As for privacy in the Medicare and Medicaid programs, the government must not delay in implementing the GAO's recommendations that include updating anti-virus software, gaining control of computer passwords, performing better background checks on contractors and employees and installing surveillance equipment to restrict access to data centers.

The electronic age has improved the speed and ease of service for consumers, but often at the price of increased security risks. Consumers need action, not simply reaction, from the public and private entities that collect personal data and hold it, we too often assume, for safekeeping.