a person looking through a hole with binoculars,

Digital Privacy Laws: Protecting Personal Information Online

  • Legal Editor

Summary Introduction

This article explores the following:

  • The challenges consumers face in protecting their personal information over the internet.
  • Consumers are increasingly aware of collecting and sharing their data by online businesses.
  • How national reporting bureaus collect and sell people’s health and medical information to insurance companies and how it impacts insurance rates and coverage.
  • Shows how consumers can protect their personal information by being proactive in obtaining copies of their health report files and seeking assistance from independent privacy advocacy groups.
  • The importance of consumers demanding they receive fair treatment and disclosure practices within the insurance industry to ensure consumer privacy.
  • The need for comprehensive federal legislation on digital privacy relating to the sale of personal data to data brokers and the risks of identity theft of personal information on the dark web.

What Is Digital Privacy?

Digital privacy refers to the security and protection consumers expect and deserve over their personal and private information.

Consumer’s Right to Privacy

Congress passed The Privacy Act of 1974, which made disclosing a person’s records unlawful without their written consent.

The 1974 Privacy Act was initially passed in response to protecting the privacy rights of the public from the federal government’s collection of information being collected among different federal agencies.

The Power and Reach of Today’s Digital Technology

According to a 2020 Pew Research Report, over 80% of Americans go online daily. The study also reports that of that 80%, nearly 30% go online regularly, at least several times daily.

Pew Research also reports that most consumers know online businesses regularly collect and share their personal information with third parties.

States Governments Taking The Lead In Digital Privacy Protections

Many progressive states, such as California, have passed laws such as California’s Proposition 24, which went into effect on January 1, 2023, significantly expanding the state’s consumer data privacy laws.

According to the National Conference of State Legislators, California’s new law will permit California consumers to:

  • Prevent businesses from sharing personal information.
  • Know what personal data about them is being collected.
  • Know if their data is being sold and to whom and have the legal right to force such companies to correct inaccurate information in the consumer’s data files.
  • Limit business use of sensitive and personal information such as a person’s race, ethnicity, religion, genetic data, sexual orientation, health, and biometric information.

Federal Law on Privacy Over Medical Records

Who Collects My Medical Records?

Few things are more private to consumers than their medical records. So, it usually comes as a surprise to learn that national reporting bureaus collect and sell their health and medical information to insurance companies.

The insurance companies then use the information to raise certain people’s insurance rates, terminate existing coverage, or otherwise deny them from participating in private group health insurance plans.

Collecting and selling your personal health history occurs through three major private reporting agencies: Medical Information Bureau (MIB), Ingenix, and Milliman. Each of these companies has developed a nationwide network of health information databases.

Currently, nearly 99% of all individual life insurance policies and 80% of all health and disability insurance issued in the United States are purchased from these three companies.

Health Records Contain Private Non-Medical Information

People’s health report files may contain both medical and non-medical information. For example, your file may include information about your medical conditions and provide insurance companies with your credit history, driving record, criminal activity, and drug use.

The issue that needs to be addressed is whether the law is protecting consumers from companies that profit from gathering and sharing what is commonly believed to be confidential personal health and medical information.

Consumer Advocate Organizations

Under Federal law, all consumers are entitled to annual medical reports from each nationwide reporting agency that sells health information to participating insurance companies.

One way to protect yourself is to obtain a copy of your health report file from each of the three major reporting agencies.

You can do this yourself or go through an independent privacy advocacy group such as Unblock to obtain a copy of your health report file.

Unblock is one of a handful of private organizations that keeps consumers informed about what is being reported about them by each of the three health reporting agencies.

How Does Medical Information Bureaus Acquire Consumer Health Information?

When you apply for life, health, or disability insurance, you are often required to substantiate the status of your current and prior health conditions, including disclosing previous mental disorders, the prescription drugs you are taking, frequency of refills, and dosages.

While the federal government has enacted strict consumer protection laws that would otherwise protect you from third-party disclosure of your private information, reporting agencies have found ways to avoid the clear intent of these laws.

To counter the potential for wholesale abuse of your private health information, the Federal Trade Commission relies on the Fair Credit Reporting Act to counter abusive practices.

Quoting from an FTC Staff Opinion, “In an area as important and personal as insurance, it is essential that consumers feel they are being treated fairly.

Under the FTC…consumers are informed of the role MIB plays in having people denied insurance, and… people will be able to exercise the self-help remedies afforded by the Fair Credit Reporting Act.”

What Is the Connection Between Fair Credit Reporting And Disclosure of Medical Information?

One way to understand the connection is to consider it within the context of obtaining a “credit report for your health” before it gets passed on to other insurance companies seeking information about your eligibility for different health coverage.

To qualify for medical, life, or disability coverage, insurance companies want to make sure the applicant is at a reasonable risk.

More directly stated, insurance companies, not unlike money lenders, attempt to stack the odds in their favor by denying medical benefits to those who will use them and e the monthly premium payments.

Federal Government Lacks Comprehensive Digital Privacy Laws

While individual states have taken the lead in consumer digital privacy laws, the federal government claims they have yet to catch up because of the rapid technological advances related to data capture, storage, and commercial exploitation of consumer data.

The Federal government is an assortment of federal laws covering various data-related consumer privacy issues.

Examples of Federal Consumer Privacy Legislation Include HIPAA, FRC and FERPA Protections

  • Patient Medical Records under the Health Insurance Portability and Accountability Act (HIPAA)
  • Personal Credit Information under the Federal Credit Reporting Act (FRCA)
  • Student Identity and Academic Records under the Family Educational Rights and Privacy Act (FERPA)

Private Information Often Gets Sold To The Highest Bidder

Consumer Buying Choices And Location Preferences

In most states, private and publicly traded companies can use, distribute, market, and sell any data they collect on consumers, including their identity and buying choices. Location preferences, without alerting consumers or getting their permission.

Role of Data Brokers

This sale of our personal information is even more disturbing because it gets sold to data brokers, who then sell your information to the highest bidder.

Data brokers knowingly collect and sell your private and personal information to often questionable third parties with whom the business does not have a direct relationship.

When We Become The Victims of Cybercrime

Many consumers believe that privacy in the data retrieval and sale of consumer data is overblown – until they become victims of cybercrime and identity theft.

For those who believe digital privacy is not a threat so long as we remain alert and careful as to whom we share our information with, consider this:

More than seventy percent of all American consumers had their names, addresses, or social security numbers appear on the dark web.

The Dark Web

The dark web remains in the zone of the unknown. Search engines do not crawl or index it, and yet it remains the epicenter of identity theft and criminal activity, including dubious data brokers.

What does all this mean to the consumer?

It means most consumers are vulnerable to attacks on their privacy and finances. Until laws change and consumer privacy protections are built into the system, you, the consumer, will remain the primary victim of unlawful digital privacy violations and theft.

Consumer Rights Lawyers

If you want additional information or have questions, consider consulting with an online Consumer Rights Lawyer.

Affiliate disclosure

GotTrouble.org is a one-stop free and open consumer information and expert resource.

Our information helps guide people through the complexity of life-changing legal, financial, and emotional challenges.

One way of doing this is by providing our visitors with a wide range of third-party resources. Some of which are affiliates.

Should you visit an affiliate, we will disclose this fact, and we may earn a commission. We ask that you use your independent judgment in deciding whether an offered service or product fits your needs and purposes.

If you have questions, please get in touch with us at inquiries@GotTrouble.org.

Sponsors