Margaret Fenton, President, Everest Data Research, Inc.

Enid S.Barry, Manager, Technology Evaluation & Integration Services, American Electric Power

Richard L. Fenton, Vice President, Technology Management, Banc One

William M. Hazen, Principal, Bill Hazen & Associates (Management & Information Systems Consultants in the Health Industry)

John H.(Jay) Huey, Senior Vice President, Chief Information Officer, Motorists Insurance Companies

Motorists Insurance Companies, 471 E. Broad St. Columbus, OH 43215

This month's conversation was hosted by Motorists Insurance Companies, a part of the Motorists Mutual/American Hardware Insurance Group comprising six companies. The Group has assets of more than $800 million. Motorists' personal lines, commercial lines and life insurance products are sold by a network of more than 2,800 agents working through approximately 600 independent agencies in a market of more than 32 million people.

Margaret Fenton, moderator for the meeting, presented two case studies taken from Computer Ethics by Tom Forester and Perry Morrison (MIT Press, 1994). The first study demonstrates the need for accuracy of data. The second study scenario draws attention to the need for the privacy of accurate data. After each case Fenton asked the panelists and the audience for comments.

Case 1: Bad Data
In a small town near Paris in 1979, the owner of a service station became suspicious and notified police of the license number of a car driven by three young Frenchmen that had a license plate patched together with pieces of tape. In addition the check they offered had a scrawled signature on its face.

. . . A routine interrogation of their database revealed to police that the car had been stolen, and a patrol car was dispatched to intercept them. They caught up with the young men while their car was stopped at a traffic light: two officers in plain clothes jumped out, one holding a machine gun, the other a .357 magnum revolver. The only uniformed officer remained in the car.

Although the precise sequence of the subsequent events is still not clear, it is known that the officer with the magnum revolver opened fire on the trio; the bullet pierced the windshield and hit one of the young men just under the nose. The other two men were then informed that their assailants were police (not gangsters), and they were handcuffed while an ambulance came to assist their injured friend.

Later investigations placed the whole matter in a quite different light. One of the three men had purchased the car, quite legally, ten days before. It It was true that the car had once been stolen, but that was in 1976 and it had been recovered by the insurance company, which had then sold it to the firm from which the man later legally bought it. The primary cause of this incident was a failure to update the computer file covering the vehicle so that changes in status and ownership were accurately represented. Unfortunately, at the time of interrogation, police records still labeled the vehicle as stolen, and police reacted as if they were dealing with potentially dangerous criminals.

Fenton asked two questions,

1. What could have been done to prevent this problem and
2. What are your comments about bad data.

When a car is recovered, the claims adjustor must report to the NICB that the car is recovered. The police probably know it was recovered because they recovered it and the information would go into their file. However, if someone forgot to record the recovery, then a policeman on duty who checked the file would believe that the car had not been recovered and the driver had stolen it.

We do a lot of checking and editing to be sure the insurance file is correct but the interface between the insurance file and the police data base is not as good as it should be.

W. Hazen
A next step needs to be taken to assure that data is shared between the police database and the insurance database.

E. Barry
The more critical the data, the more attention it should get.

R.Fenton
The integrity of a company's data is an issue faced by every company. If BancOne's data processing was upset for a couple days, it would probably affect the economy of the nation. There are many processes at BancOne to insure correctness of data. However it is up to an individual to be sure his credit rating is accurate since a bank must use this information in making decisions about granting loans, etc.

The recent death of Princess Diana in an automobile accident has some messages for us. During the first hour after the accident it was reported that the car was a stolen Mercedes the had been re-furbished. Shortly the report was dropped. This was probably due to bad data that came up on somone's computer screen.

QUESTIONS FROM AUDIENCE
What about liability? Who owns the data? How does a victim identify who is liable? There is the automobile case where an insurance company has a data file and the police have a data file about the same car, but the police file is not up to date.
Response:
This involves the question of ownership. The insurance company and the police department each has its own necessary file. The insurance company makes its information about recovered cars available to the police department. However, the insurance company can not make the police update the police file. It would seem to make more sense for a police officer out on the road checking a car to be able to call into both files.

What about companies that make a practice of adding incorrect charges to an individual's credit card bill that do not belong to that individual?
Response:
The bank with that person's credit account accepts the charge from an outside company as a legitimate charge and pays the company. The charge is then sent to the individual by the bank. When the individual calls in with a complaint, the bank has ways of checking on this and tracking down such companies. There is also a center that will assist with this problem. When a bank finds a company doing this, it will not deal with that company anymore. It is important for individuals to check their credit card bills for items that should not be there and to report incorrect charges to the bank. Don't pay the bill automatically without checking the entries. The bank should provide help to the individual who has these problems.

Case 2: Protection of Privacy: Indivdual Rights vs. Company Needs and Society as a Whole
Scenario:
. . . In 2005 the government has begun conducting compulsory AIDS testing programs to help predict the course of the epidemic and to determine the impact of various initiatives. Test results are said to be totally confidential, and in order to prevent avoidance of the test, Social Security numbers, tax returns, and databases of all kinds are used to track down individuals and to present them (forcibly, if necessary) for testing. Of course, as a law-abiding citizen you present yourself, you are diagnosed as antibody positive, and the outcome is logged onto a government database system. However, you are confident that because the outcome of the test is confidential, you will be able to lead a fairly normal life, you follow safe sex practices, and hope that in the time you have left a cure or at least better treatments will be found.

With the growth of AIDS as one of the more common terminal diseases, however, an increasing number of people have been lying to insurance companies about their infection, and upon reaching a terminal stage, they kill themselves in car accidents or other apparently non-suicidal forms of ending it all. In this way, victims' families are securing large insurance payouts, and the insurance companies are feeling the pinch. However, in the interest of individuals' rights, the government prohibits insurance companies from demanding AIDS tests on an insurance applicant. It is sufficient that government knows who is infected, and the public release of such information is considered socially destabilizing.

Nevertheless, insurance companies are desperate to discover such information so that they can offer competitive premiums without such high degree of risk. Two options are open to them: to somehow gain access to government files or else to obtain the same information through alternative sources. Like insurance companies everywhere, the U.S. companies hate risk, so they choose to do both. Through the tried and trusted methods of bribery through a third party, some of this information is obtained. The remainder is gained by indirect means. Medical insurance companies note the kinds of treatments that patients receive and, by looking for patterns in these ailments, quickly determine the chances that particular policy holders and applicants might have AIDS. This information is sold to other insurance companies as well.

Furthermore, in order to secure lower premiums for their businesses, employers are encouraged to monitor workers' use of sick leave, any gossip about sexual preferences, and any drug usage. These reports, too, are added to the information mosaic gathered by the insurance companies. Lastly, landlords and other employers also are eager to obtain access to these records. In the case of landlords, they don't want to provide accommodation to an AIDS victim because, given the hysteria over AIDS, they may not be able to rent their premises again. In the case of employers, they don't want to invest heavily in training and providing a career structure for an individual if that person is likely to die before the investment is recouped. Furthermore, being an AIDS victim makes a person susceptible to blackmail, and that risk cannot be tolerated for employees entrusted with heavy re- sponsibilities and financial powers.

COMMENTS FROM PANELISTS

• In the hypothetical scenario the government prohibits insurance companies from demanding a test for AIDS from insurance applicants (But no such prohibition exists in fact.). At present our life insurance company does require an HIV test, a blood test for people applying for insurance greater than $100,000 in face amount. By government regulation we must get a signed statement from the applicant saying it is all right for us to do this. If we get the information back: yes, this person is HIV positive, we tell the person the insurance is being denied based on something in the bloodwork without being specific about it. We refer them to the lab that did the test and suggest they be re-tested, or challenge the lab, or find out what the lab found out. We also report this to a collection agency for insurance companies so that another company will see there is a code indicating that there is something wrong with the blood work. It does not say this person has HIV.
• Access to many company databases has many layers of protectionÑnot just one firewall. Employees are screened and are restricted to the area of their work. Of course there is the hacker who has all kinds of time to work at breaking into files.
  

  If you think your health record is confidential today, think again, certainly not in a hospital or a doctor's office.
  

Answer: Data mining can put together trends and place you in those trends based on information about you. This information can be obtained in many ways and can be used to try to sell products to you. It also has useful purposes in helping to focus medical developments by knowing how many have arthritis, AIDS. etc.

Do we need a way to monitor the information in files about individuals?
Answer: There are so many files, there is not going to be a way to monitor them all. Indeed, many more files will be developed.

Do we need the consent of an individual to use data that exist in files?
Answer: In the event of a medical emergency it may not be possible to get the consent of an individual and have it forwarded to an appropriate source that has the appropriate medical file and perhaps other medical sources in order to obtain the medical data needed to save the life of the individual.

Comment: Are we over-obsessed with the privacy of data?

Council for Ethics in Economics
125 East Broad Street
Columbus, Ohio 43215-3605 U.S.A.
(614) 221-8661
FAX: (614) 221-8707

Website designed and maintained by CINErgy Media Communication.
cinergy@cinecomm.com