Personal Privacy and the Potential Effect on Insurance Investigations
By Michael J. Malone
It's rare to pick up any newspaper or tune in to any national television news program each week without seeing an article or editorial concerning the issue of "privacy". In the United States Congress the issue of privacy is hotly debated because it extends to virtually all aspects of today's society: Law Enforcement, Banking & Finance, Insurance, the Internet, and a host of areas related to individual consumers. The recent volume of publicity suggests that privacy may develop as a major issue in this fall's presidential campaign. These facts make it even more incumbent upon professional investigators, both public and private, to make themselves aware of the restrictions under debate that could adversely affect the manner and environment in which they perform their jobs.
Recently, the International Association of Special Investigation Units (IASIU), the National Insurance Crime Bureau (NICB), and the Coalition Against Insurance Fraud (CAIF) sponsored the National Fraud Forum in Washington, D.C. U.S. Representative Asa Hutchinson, R-Arkansas, addressed the forum about the current status of pending privacy legislation, the proposed Privacy Commission, and the Gramm-Leach-Bliley Act.
U.S. Congress & The Privacy Protection Commission
"The Internet, technology and information transfers have changed the rules on privacy, and privacy is the number one concern of Americans as we move into the 21st century," said Hutchinson. He further told the group that there are currently scores of bills in Congress addressing privacy issues -- from medical records to banking records to online privacy issues -- and that, in addition, there are thousands of bills pending in the state legislatures that deal with privacy. On June 14, a House Government Reform subcommittee approved H.R. 4049, a bill introduced by Hutchinson and Rep. Jim Moran (D-Virginia) to create a bipartisan Privacy Protection Commission. The bipartisan commission, composed of 17 members, would formulate and recommend a comprehensive approach to how personal information is used and shared.
The Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act enables financial institutions such as banks to affiliate with insurance companies and brokerage firms under one corporate umbrella. The major incentive for these organizations to strike partnerships is their ability to then share private customer financial data and cross-market their various products and services. Various financial information held by the banking firms would then be available to the insurance company to target certain products to specific customers or to be used in coverage and pricing decisions. Health-related information held by the insurance institutions may be shared with the banking and/or brokerage side of the corporation and potentially used to make financial decisions adverse to the consumer. The federal law provides some protection in that the institutions must give consumers the opportunity to "opt out" of the information sharing before the data is shared with or sold to unaffiliated third parties. The law provides no such provisions for sharing the information with affiliated organizations under the same corporate umbrella. Until a customer says "no" to the sharing of information with unaffiliated parties, the financial institutions are free to sell the customer's personal data.
The current debate in Congress includes discussion of changing the "opt out" provision to an "opt in" version, under which an individual would have to make the overt act of "requesting or authorizing to be included" in the information sharing. Absent the authorization, the sharing of personal protected data would remain unlawful. California, among many other states, has begun the process of proposing state regulations that would further protect individual privacy.
In a letter recently delivered to members of the Senate Banking Committee, Leigh Ann Pusey, senior vice president for federal affairs of the American Insurance Association (AIA), expressed concern about the privacy amendments that may be offered during mark-up of the Competitive Market Supervision Act, S. 2107.
Ms. Pusey stated, "Our industry has a stellar record on consumer privacy and the issue continues to be of paramount importance to us. Protecting individuals' medical privacy while ensuring consumers' ability to access insurance and other necessary financial products is an exceedingly complex issue. The potential for adverse unintended consequences is enormous."
In the letter, Ms. Pusey further stated, "Information is the lifeblood of the insurance industry. Without access to customer information, we could not offer and provide insurance products. We could not process claims, and we could not protect against fraudulent activities. At the same time, we recognize how concerned policyholders are that we preserve the confidentiality of the medical and financial information we maintain."
In her letter Pusey went on record for the AIA opposing any other amendments that would add privacy restrictions that would impede insurers' efforts to comply with existing GLB requirements. Pusey concluded that, "As an industry, insurers have long had experience in protecting the data we collect and possess about our customers. As a matter of policy and as a matter of law, we protect that information. There are restrictions at both the state and federal level on how that information is shared."
Protections for Social Security Numbers
This year, due to the resounding public support for privacy protection, Vice President Al Gore presented a proposal governing the use of Social Security numbers. The Vice President introduced his proposal to protect Social Security numbers (SSNs), the Social Security Protection Act of 2000. Gore's proposal is sponsored by Sen. Dianne Feinstein (D-CA) and Rep. Ed Markey (D-MA). Provisions of the proposal restrict the sale or purchase of SSNs to instances in which an individual has voluntarily given his or her consent to the disclosure. Currently, SSNs -- often an important identifier for financial, credit and health records -- can simply be bought from internet database services without an individual's permission. The SSPA of 2000 would require the Federal Trade Commission and state attorneys general to jointly enforce the protections.
There are unscrupulous data resellers, investigators and others who operate outside the boundaries of the law and professional ethics, and their conduct has caused increasing concern among federal and state legislatures, the media, and individuals. Many see Vice President Gore's proposal as a first step in responding to the growing problems with the misuse of Social Security numbers. Other issues that could be addressed as the proposal goes forward include: (1) outlawing the sale and purchase of Social Security numbers; (2) protecting consumers from losing the opportunity to receive a benefit or conduct business if a private company unjustly requires an SSN; (3) restricting the required use of one's Social Security number to the business one conducts with the Social Security Administration and the Internal Revenue Service (currently, many individuals are compelled to provide an SSN that they might otherwise not want to disclose); and lastly, provisions giving an individual the ability to pursue what he or she thinks are violations of the law and seek the appropriate civil and criminal remedies.
Brief History
The concept of privacy originated in an 1890 article by Samuel Warren and Louis Brandeis, The Right to Privacy (4 Harvard Law Review 193, 1890). The article criticized the press for "overstepping in every direction the obvious bounds of propriety and of decency". By the 1960's this concept of privacy as a legal tort had spread widely and a majority of states had recognized the right of privacy in some form.
The West Virginia Supreme Court recognized in deciding Crump v. Beckley Newspapers Inc., 320 S.E. 2d 70 (W. Va. 1983), that four types of invasion of privacy claims exist. The four types of invasion of privacy are: (1) Unreasonable intrusion upon the seclusion of another; (2) Appropriation of another person's name or likeness; (3) Unreasonable publicity given to another person's private life; and (4) Publicity that unreasonably places another in a false light before the public. The recognition by the West Virginia court, and by many other state and federal courts, of a cause of action for invasion of privacy poses a definite and substantial risk of liability for improper investigation, including surveillance.
Despite the 100 years of development of the privacy tort since the Brandeis opinion, Andrew Hay McClurg stated in his article, Bringing Privacy Laws Out of the Closet (N.C. L. Rev. 1995) that a "lesson of modern privacy law in the tort arena is that if you expect legal protection for your privacy, you should stay inside your house with the blinds closed".
Today
Recently, one of my Regional Field Managers was giving a presentation to a group of adjusters at a major insurance company when, out of the corner of his eye, he saw a woman's hand rise from the back of the room, accompanied by a furrowed brow and a slight frown. The manager had been yammering on for several minutes about electronic databases, information on the Internet, and how investigators combine these threads with direct observations in the field to solve cases. Standard stuff, nothing unusual. He was supposedly preaching to the choir, a group of Claims Adjusters with piles of cases on their desks and a need to know this stuff, right now, if not yesterday. But the lady in the back wasn't worried about claimants or elaborate fraud schemes. "Why," she asked, "should I have access to so much personal information, so easily? Sounds like 'Big Brother' to me," she noted cautiously.
George Orwell's elaborate surveillance society as imagined in the novel 1984 seems tame by comparison with today's reality. The tools to monitor our lives at all levels are available to anyone with a credit card, not just the government, which finds itself struggling to make laws that apply in new contexts. Suddenly, my manager found that the focus of his presentation had shifted. The topic of privacy doesn't just affect us all because of our chosen business profession; it's also personal because we're consumers too.
The manager asked how many in the audience have unlisted telephone numbers/addresses? About half of the hands in the room went up, including his own. Everyone is paranoid about having their credit information stolen, or being stalked by some wacko who built a dossier about you in 10 minutes from $39 worth of data searches on the Internet. But the other side of the equation is equally troubling, and of practical interest to us as Investigators: the ability to hide behind an electronic ether of multiple e-mail addresses, re-mailers and alpha-numeric screen names will make our jobs considerably more difficult. The group or individual intent on fraudulent activity will certainly benefit as public attitudes move toward greater restrictions on access to certain types of data.
Our ability to access even the most basic types of information (DMV records, SSN traces) is being challenged by lawmakers at the federal, state and local levels. In Pennsylvania, for example, the DMV is now requiring detailed explanations of exactly how the information being provided is to be used, and by whom. It is rumored that several sting operations attempting to ferret out unscrupulous re-sellers of the data are underway. The State of Kentucky requires that if you check a public criminal record on an individual and a criminal record in fact exists, then the government must notify the individual that you checked the record and what information you accessed. Other state legislatures have moved to restrict or block access to these records entirely. Despite this attitude, Investigators and Insurance Companies have a traditionally recognized need for and access to this information throughout the country. As a group, we must become more aggressive in challenging the refusal to release this information, while simultaneously guarding the established privacy rights of those whose personal data is entrusted to us.
Most states have defined what public records are by statute:
- "Public records" includes any writing containing information relating to the conduct of the public's business prepared, owned, used, or retained by any state or local agency regardless of physical form or characteristics. "Public records" in the custody of, or maintained by, the governor's office means any writing prepared on or after January 6, 1975. California Public Records Act, Section 6252.
- "Public records" means all documents, papers, letters, maps, books, tapes, photographs, films, sound recordings, data processing software, or other material regardless of the physical form, characteristics, or means of transmission, made or received pursuant to law or ordinance or in connection with the transaction of official business by any agency. Florida Statutes Annotated, Section 119.011.
The public doesn't generally make distinctions between "Investigators" and "Information Brokers". They're not interested in the fact that we have a legitimate reason to know whose car that is in the driveway of a claimant's residence or the civil and criminal backgrounds of individuals suspected of engaging in insurance fraud. What really matters is the way we defend our rights as professional and ethical users of this data, by fully comprehending its value, both economically and socially.
- Be mindful of the laws and regulations pertaining to the collection and dissemination of different types of data in your locality. Understand the players involved in their interpretation and implementation.
- Don't patronize Information Brokers who provide data to anyone with a credit card. Their behavior undermines the legitimate efforts of professional investigation companies.
- The degree of "publication" or "release" necessary to constitute an invasion of privacy is a function of the nature of the information disclosed. Therefore, insurance company adjusters, Special Investigators (SIU), private investigators employed on their behalf, and others, should exercise additional caution when handling claims that involve highly personal information, such as medical/mental health information and financial records.
- Take steps to safeguard the personal data in cases you work. Lock your filing cabinet. Keep a close eye on paperwork while in the field. Learn to archive and encrypt reports. Remove them from your hard drive to a floppy or zip disk.
- Recognize and respect the privacy interest that individual insureds and claimants have in personal information by (a) assessing the impact on the subject's privacy, in deciding whether to obtain and use personal information; and (b) obtaining and using only information that could be reasonably expected to support current or planned activities pertaining to the investigation or analysis of a pending claim.
- Don't give up easily when a records custodian says no, especially if you know you are entitled to the information being sought. Make your requests in writing and utilize the Freedom of Information Act and Open Records Laws of federal, state, and local governments. Politely cite the appropriate regulation or statute, and ask for a refusal in writing.
Here are some suggested resources to learn more about privacy and investigative searches:
Web sites that deal with privacy issues:
www.privacytimes.com [Privacy Times]
www.privacyrights.org [Privacy Rights Clearinghouse]
www.epic.org [Electronic Privacy Information Center]
www.privacy.org [The Privacy Page]
www.privacy.org [Individual Reference Services Group - IRSG]
www.privacy.org [The Federal Trade Commission]
www.townonline.com/privacyjournal [The Privacy Journal]
Books & Articles to consult regarding investigative searches and privacy include:
(1) Public Records Online - The National Guide to Private & Government Online Sources of Public Records, by Facts on Demand Press (1999)
(2) Naked in Cyberspace: How to Find Personal Information Online, by Carole A. Lane, Wilton, CT (1997)
(3) Search Engines for the World Wide Web, 2nd Edition, by Alfred & Emily Glossbrenner, Peachpit Press (1999)
(4) Financial Investigations: A Financial Approach to Detecting and Resolving Crimes: Instructor's Guide, by Internal Revenue Service (1994)
(5) Privacy & Confidentiality: Issues & Uses of Information, by W. Lane Neilson (February 2000)
(6) Surveillance & The Law: Practical Guidelines for Insurance Investigators, by Larry G. Henning and Edward J. Wilbraham (1997)
(7) In Pursuit of Privacy, by J. Decew, Cornell University Press (1997)
(8) The Privacy Rights Handbook, by Beth Givens, Avon Trade Books (1997)
(9) Protecting Yourself Online, by Robert P. Gelman, Harpers Edge (1998)
Note: Michael J. Malone is the Chairman & CEO of MJM Investigations, a national provider of surveillance and investigative solutions to the insurance claims process headquartered in Raleigh, NC, and sits on the Privacy Task Force of the Coalition Against Insurance Fraud.
To contact Mr. Malone: mjminc.com or 1-800-927-0456.