http://www.news.com.au/common/story_page/0,4057,2095628^11610,00.html The Australian Whose list are you on? Your income. Your sexual preference. Your spending habits. Your health. The way you vote. Is nothing private? Not really, writes Natasha Bita 09jun01 HE called from a phone box. For $10,000, the anonymous man offered to sell the names of thousands of bank customers with more than $10,000 in their accounts. Laird Marshall, the list broker who took the call, declined. "We wouldn't touch it," he says. "Obviously it had fallen off the back of a truck." So Accountable List Brokers cannot offer its clients the names of well-heeled bank clients. But for $850 Marshall's Brisbane-based company can provide the names and addresses of 1150 gay men and lesbians whose names were compiled when they attended a function last year. Meanwhile a Kodak subsidiary rents out the names and addresses of nearly 1 million Australian mail-order photo customers through ALB for about $200 per 1000 names. ALB also offers a file, "created as part of a major research project", with the details of 378,132 motorists -- their names, where they live, the type of car they drive, where they buy their petrol, and their insurance rating. UK-based Listbroker sells the names and addresses of subscribers to The Economist magazine, a list of British company directors' wives ("who enjoy a luxury lifestyle") and a databank of 21,000 customers who have bought diamonds or Swiss watches from British jewellery house Alexanders. Intrusive? Alarming? How on earth did the list brokers obtain this information? Think back to the last time you entered a competition, filled in an email survey, subscribed to a magazine, used your Fly Buy points or credit card, applied for a loan, bought a house, connected a telephone, voted in an election or filled in a warranty card. Personal information is a precious commodity these days. Marketing companies are making fortunes trading in private data that most people would regard as none of their business. Big Brother is not the totalitarian control freak that George Orwell envisaged in his 1949 novel, 1984. Big Brother is as omnipresent, yet far more insidious than Orwell's vision. In the 21st century, companies can spy on our internet usage by planting web bugs on our screens. Banks know what we have bought on our credit cards and have the technology to track our EFTPOS purchases as well. Our movements, our conversations and even our keystrokes are recorded by cameras and phone taps at work, in the street or in the supposed privacy of our homes. And the most sensitive information of all -- our genetic code -- is being stored on medical records, insurance records and a DNA database of criminals. "In the 1980s people thought of Big Brother as the government," says deputy federal privacy commissioner Timothy Pilgrim. "But now many organisations -- often very small ones -- are able to collect information about us. There is no doubt that in the business world, personal information is seen as a commodity and can be a valuable asset. We're trying to return control of that sort of information to the individual." Until now, data collection has been a free-for-all for companies wanting to stockpile information about clients. But on December 21, the private sector will have to comply with the Privacy Act, which has bound government departments since 1988. "These [marketing] organisations are going to have to look extraordinarily closely at their operations -- how they collect information, where they collect it from and what they do with it," Pilgrim says. "A lot of them will be collecting sensitive information and [from December], regardless of where it's coming from, you'll need the consent of the individual before collecting it." The new Privacy Act will generally make it illegal for companies to collect or transfer sensitive personal information without an individual's permission. Companies should ask clients only the basic information they need to carry out their business. The law says that people must be given the choice to opt out of mailing lists when they provide personal data for business transactions, surveys or competitions. And companies will have to be frank about what they use the information for -- if they want to sell it to a list broker, they must say so. It will no longer be good enough to allude to information being used for marketing purposes if it is then sold to outside agencies. But the law is not retrospective, so companies can continue to trade in their existing mailing lists. If they update an individual's profile, they will have to contact that person to advise them of what information is being collected, what will be done with it and to whom it will be sent. The Privacy Act is the first law to safeguard privacy in Australia's private sector, but its critics argue that exemptions for small business, politicians, employee information and the media make it full of loopholes. Businesses with a turnover of less than $3 million a year, that do not trade in personal information and are not health-related are exempt from the new law. A childcare centre that holds sensitive health records of children in its care could be deemed to be exempt from the Privacy Act as a small business. So, too, could a small business selling flowers or groceries over the internet. The Privacy Commission, in a submission to a parliamentary inquiry last year, criticised the exemptions and singled out the political impunity as inappropriate. "Political parties could use personal information they collect for any purpose they choose, including selling it for a commercial purpose," its submission says. "Unlike businesses, they would not need to notify or get the consent of the people [involved]. Political organisations should follow the same practices and principles that are required of the wider community." The federal Government left the political exemption as it was, but tightened a loophole that might have let lobby groups masquerade as media organisations to get exemptions from the act. "A potential scenario could arise whereby such a lobby group may attempt to silence its critics by threatening to publish very personal information about them and their families," the Privacy Commission warned. This is already happening. The Firearm Owners Association website features a "house and garden competition" with photos of anti-gun campaigners and politicians and their homes. The information is highly personal -- a female politician "can be seen planting and weeding this attractive garden" on weekends (address supplied). The home of Queensland Premier Peter Beattie is pictured, with his address. Another site, crimenet.com.au, sells criminal histories for $11 per record. It has a database of "convicted criminals, con artists, frauds and scams, paedophiles and sex offenders, missing persons, and persons wanted by various law enforcement agencies". The site's terms and conditions say users must not use the database to stalk people or promote injury against anyone. Neither should jurors use the site to seek privileged information about someone on trial. Technically, the Privacy Act will outlaw such behaviour. But in reality it will be difficult, if not impossible, to police. Offshore companies and websites will not be subject to the Australian legislation, although Australian companies could risk prosecution if they supply the foreigners with information. Business, which is still grappling with the red-tape burden of the GST last year and the millennium bug the year before, already is groaning about privacy compliance. "The pressure is on in the time-frame available," says Australian Chamber of Commerce and Industry chief executive Mark Paterson. "A lot of people will be unaware they're having this thrust upon them." Just six months out from privacy D-day, the Privacy Commission has issued 160 pages of draft guidelines to help companies interpret the legislation. Paterson says business will be lobbying for change. "The guidelines as presently drafted extend the operation of the legislation in a way that was not intended [by parliament]," he says. "We lobbied for `light touch' legislation ... instead we have 160 pages of densely typed stuff that no business is ever going to read." Pilgrim, the deputy privacy commissioner, concedes that development of industry-wide privacy codes to comply with the new law will be "a big job" for some of the bigger companies, such as banks. "But the idea of the legislation has been around for some time," he says. The new law will give the privacy commissioner the power to investigate privacy breaches, order compensation and seek injunctions through the Federal Court. "We don't have a [compensation] limit -- it depends on the severity of the individual breach and the degree of hurt and loss an individual has suffered," Pilgrim says. The Privacy Commission will start investigating complaints from the public on December 21. But if you have a complaint, take a tip from them -- don't use emails, you never know who might be reading them. The commissioner's website carries a special warning: "Please note -- because the process is not secure, the privacy commissioner discourages the lodgment of complaints by email." Big brother's little helpers List brokers: Companies sell or hire out mailing lists and customer databanks. British marketing firm MM Group claims to have 1 billion names in its databank, which includes contact details for back-pain sufferers, subscribers to The Economist, jewellery purchasers, clients of self-improvement courses, the wives of company directors and people with offshore bank accounts. Brisbane-based Australian company Accountable List Brokers (unrelated to the UK firm) offers the names of gays and lesbians, mail-order photo customers, car owners, top income earners, tradespeople, swimming pool and pet owners. ALB principal Laird Marshall says government departments have subscribed to his lists. Tip: To remove your name from mailing lists or cancel email spam, contact the Australian Direct Marketing Association. Internet: Companies can use web cookies and web bugs to monitor who is reading a web page or email. A cookie is a tiny data file transferred to the user's hard drive. Its main role is to customise web pages for the user -- but it can also track users as they move to other sites. Web bugs are graphics, invisible to the naked eye, that sit on a web page or are embedded in an email to report back to the sender how the site is being viewed or whether the email has been opened. A US-based company that operates in Australia, Engage Technologies claims it can monitor 72 per cent of web traffic in the US and offers companies a profiling service called DataDNA: "Find out age, income level, buying habits and other demographics about the audience viewing your ads." Tip: Ask your computer to "disable cookies" so a warning pops on to the screen before a cookie enters the hard drive. Encryption software can protect your correspondence from surveillance. Shopping cards: Credit cards, debit cards, EFTPOS and loyalty schemes such as Fly Buys leave an electronic trail of your spending. last year, ANZ Bank told a Senate inquiry into privacy (follow links to Cookie Monsters report) that banks "have the technology to create individual user profiles by combining EFTPOS and credit card transaction data with other information collected by the bank" -- although it was not doing so. Loyalty schemes such as Fly Buys are used for direct marketing. Tip: Pay with cash. www.privacy.gov.au ************************************************************************* This posting is provided to the individual members of this group without permission from the copyright owner for purposes of criticism, comment, scholarship and research under the "fair use" provisions of the Federal copyright laws and it may not be distributed further without permission of the copyright owner, except for "fair use." -- Leftlink - Australia's Broad Left Mailing List mailto:[EMAIL PROTECTED] Archived at http://www.cat.org.au/lists/leftlink/ Sponsored by Melbourne's New International Bookshop Subscribe: mailto:[EMAIL PROTECTED]?Body=subscribe%20leftlink Unsubscribe: mailto:[EMAIL PROTECTED]?Body=unsubscribe%20leftlink