A new law that lets banks, insurers, and brokerage houses merge and share your personal data has frightening implications for consumers. Your insurance company can now find out that you use your credit card to buy lots of big boxes of chocolate and bottles of wine. Never mind that these gifts were for business clients. Suddenly, your health and car insurance premiums rise because the company's actuarial computers think you're more likely to drive drunk or have a heart attack from eating all that chocolate.

With the Gramm-Leach-Bliley Act, this type of nightmare can become reality. The law allows these three kinds of businesses to merge, sell one another's services, and make partnerships. As a result, a big chunk of our private lives--credit card and ATM purchase histories, medical and other insurance records, and investment portfolios--will soon be bought and sold like commodities. Our only protection will be the inadequate and torturous process called opting out.

Data Shared Is Data Lost

This opt-out provision lets you specifically forbid the companies from sharing or trading nearly all information about you. The authors of the Gramm-Leach-Bliley Act granted this right in a subsection. But opt-out provisions are a poor option for consumers.

Here's why: In the next few months, you may get a letter from your credit card company, insurance agent, or broker that looks like a piece of junk mail. If you're like most people, you'll toss out this invitation to opt out--and with it will go your chance to prevent the sharing of your personal data.

Even if you read the notice, opting out won't be convenient. You'll have to write a letter, call a special phone number, or (in some cases) do both, or else these companies will be able to sell, buy, share, or trade fairly intimate details of your life with their business partners, their affiliates, and even to mysterious "third parties." And once the data is out there, you won't be able to get your privacy back.

American Express, which for years marketed itself as very protective of its customers' privacy, still collects and sells data. This year it changed the "corporate" card data collection policies to match the policies of its "personal" cards. The company says quite plainly in a letter sent to cardmembers that it plans to sell or share your name, address, phone number, purchase history, information from surveys, data from your credit report, and unspecified "noncredit information available from public sources" to its affiliates, licensees, subsidiaries, and outside bidders.

Oh, by the way, the letter added, you can tell Amex not to share your credit history if you write a letter to one office and phone (toll free) another with instructions not to sell your name to telemarketers. That was sure a big-hearted act.

The Plunder of Privacy

Be on the lookout for these kinds of letters, because the companies that send them won't make a big deal of their announcements. They expect you to chuck them into the trash with the coupons for carpet cleaning and roof repair, without giving these letters a second glance.

The obvious short-term solution is to stop these corporations from profiting by selling the details of your private life. Call the toll-free numbers set up by the companies and tell them you won't permit them to divulge any personal information, and ask for some sort of confirmation--either a letter or a record of your call--to be sure they enter it into their computers. If they give you only an address, don't hesitate to write them a letter stating the same thing.

But that doesn't go far enough. We need to tell our elected representatives that opt-out provisions are always unacceptable. What we need are opt-in provisions, which would require companies to get our explicit, written permission before they could market data about us. Then we could take them to task and ask them what they'd use the data for and who they'd sell it to. If the deal sounded good, we could agree to go along with it. If not, we could hang up the telephone, confident in the fact that the record of a pint of ice cream we buy will not make it into our health insurance bills as well.