Privacy Issues
Are Casinos, Griffin Investigations, SIN, Biometrica Violating the Law?
After many months researching the provisions of the Gramm-Leach-Bliley Act (GLB), I am of the opinion that the law is broken each time a casino transmits or receives personal information without your permission, transmitted either by intra-casino fax or by Griffin Investigations, the Surveillance Information Network (SIN), or Biometrica.
In 1999 Congress adopted the GLB Act, also referred to as The Financial Modernization Act to protect the privacy of consumers. The Federal Trade Commission is charged with enforcing violations of the act, however in certain cases other agencies such as the FDIC may also have enforcement powers.
Following is a link to the entire GLB Act. Please pay particular attention to Title V. The provisions of the GLB are quite lengthy, so in the interest of time, I will summarize the appropriate provision, giving you the rule number, section, paragraph number and will include my comments pertinent to each section. As you read thru the Act, you will see continuous references to "financial institutions" and the terms "consumers" and "customers".
With that in mind, we have to ascertain that the casinos fall under the Federal definition as a recognized financial institution. To do this, I refer you to article n5(i) of the following (see below): FDIC: Law, Regulations, Related Acts - Miscellaneous Statutes and Regulations
8000 - FDIC Miscellaneous Statues and Regulations, Section 103.11 Meaning of terms; {{8-31-99 p 8483}} (9) (n), (5)(i) which states:
(n) Financial Institution. Each agent, agency, branch, or office within the United States of any person doing business, whether or not on a regular basis or as an organized business concern, in one or more of the capacities listed below:
(1) A bank (except bank credit card systems);
(2) A broker or dealer in securities;
(3) A money services business as defined in paragraph (uu) of this section;
(4) A telegraph company;
(5)(i) Casino.A casino or gambling casino that: Is duly licensed or authorized to do business as such in the United States, whether under the laws of a State or of a Territory or Insular Possession of the United States, or under the Indian Gaming Regulatory Act or {{4-30-98 p.8484}} other federal, state, or tribal law or arrangement affecting Indian lands (including, without limitation, a casino operating on the assumption or under the view that no such authorization is required for casino operation on Indian lands); and has gross annual gaming revenue in excess of $1 million. The term includes the principal headquarters and every domestic branch or place of business of the casino;
This clearly establishes that casinos are classified by the Federal Government as a financial institution, thus making them subject to compliance of the GLB Act.
Throughout the bill the Feds make reference to "customers" and "consumers" so logically we must determine if a patron of the casino falls under this classification.
Section 103.64 Special rules for casinos {{ 8-31-99 p 8514}} (2) and (3) are of particular interest in that they very explicitly state who is a customer.
FDIC: Law, Regulations, Related Acts - Miscellaneous Statutes and Regulations
The applicable text is highlighted in bold below:
(2) Casino account number means any and all numbers by which a casino identifies a customer.
(3) Customer includes every person which is involved in a transaction to which this part applies with a casino, whether or not that person participates, or intends to participate, in the gaming activities offered by that casino.
So far, we've established that the casinos are subject to the GLB Laws and that we are "customers". Now lets get into the laws prohibiting the distribution of information and permissible purposes for distribution.
Gramm-Leach-Bliley Act Compliance Is Now Required With Every Search For Non-Public Information.
To ensure compliance with the privacy provisions of the federal Gramm-Leach-Bliley Act - Public Law 106-102, Title V, Privacy (GLB Act), and the subsequent regulations adopted by the Federal Trade Commission, which went into effect July 01, 2001, search requests for "non-public information"* must include a "Permissible Purpose" confirming the legality of the search requested.
*Non-public information, as defined by the Gramm-Leach-Bliley Act, includes a consumers name, address, telephone number, date of birth, social security number, and any other information that was derived from any sort of application or form wherein the consumer provided such information to a financial institution. The GLB Act provides that the following institutions, and others, are considered financial institutions: insurance companies, banks, lending institutions, consumer reporting agencies such as credit bureaus, etc. For practical purposes as applicable to our service, virtually all consumer information that is obtained from these sources may be considered non-public information, and is therefore controlled by the GLB Act.
Here it is interesting to note that the "non public personal information" definition is so broad it even includes your name, address, date of birth OR any other information that you provided to the "financial institution" (Casino). This broad definition contained in the GLB Act upset the Washington Association of Private Investigators so much that their president Abby Gorder wrote a letter in protest. Additionally, the private investigators associations formed CAFPA (Coalition to Amend the Financial Privacy Act) and along with the National Association of Legal Investigators (NALI) were able to amend the GLB act ONLY in connection with Child Support cases.
How in the world could a casino claim they didn't violate the law and justify giving your (often incorrect or slanderous) information to Griffin, SIN, Biometrica, or another Casino?
I have reprinted pertinent sections of the act below.
Gramm-Leach-Bliley Act: Subchapter I: Disclosure of Nonpublic Personal Information
Gramm-Leach-Bliley Act
15 USC, Subchapter I, Sec. 6801-6810
Disclosure of Nonpublic Personal Information
6801.Protection of nonpublic personal information.
(a) Privacy obligation policy.
(b) Financial institutions safeguards
6802.Obligations with respect to disclosures of personal information.
(a) Notice requirements.
(b) Opt out.
(c) Limits on reuse of information.
(d) Limitations on the sharing of account number information for marketing purposes.
(e) General exceptions.
6803.Disclosure of institution privacy policy.
(a) Disclosure required.
(b) Information to be included.
6804. Rulemaking.
(a) Regulatory authority.
(b) Authority to grant exceptions.
6805.Enforcement.
(a) In general.
(b) Enforcement of section 6801.
(c) Absence of State action.
(d) Definitions.
6806.Relation to other provisions.
6807.Relation to State laws.
(a) In general.
(b) Greater protection under State law.
6808.Study of information sharing among financial affiliates.
(a) In general.
(b) Consultation.
(c) Report.
6809. Definitions.
6810. Effective Date
Sec. 6801.Protection of nonpublic personal information
(a) Privacy obligation policy. It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information.(b) Financial institutions safeguards. In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards -
(1) to insure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
I find (3) to be of particular interest in that they mention "substantial harm or inconvenience to any customer". Doesn't the sharing of your personal information to other Casinos/Griffin/SIN/Biometrica cause the advantage player "substantial harm" or at the very least "inconvenience"?
Section 6802 speaks of notice requirements and the opt out provisions:
Sec. 6802. Obligations with respect to disclosures of personal information
(a) Notice requirements Except as otherwise provided in this subchapter, a financial institution may not, directly or through any affiliate, disclose to a nonaffiliated third party any nonpublic personal information, unless such financial institution provides or has provided to the consumer a notice that complies with section 6803 of this title.(b) Opt out.
(1) In general A financial institution may not disclose nonpublic personal information to a nonaffiliated third party unless -
(A) such financial institution clearly and conspicuously discloses to the consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, that such information may be disclosed to such third party;(B) the consumer is given the opportunity, before the time that such information is initially disclosed, to direct that such information not be disclosed to such third party; and(C) the consumer is given an explanation of how the consumer can exercise that nondisclosure option.
Has anyone EVER received a notice from a casino allowing them to opt out? If not, aren't they in violation of this law?
(2) Exception
This subsection shall not prevent a financial institution from providing nonpublic personal information to a nonaffiliated third party to perform services for or functions on behalf of the financial institution, including marketing of the financial institution's own products or services, or financial products or services offered pursuant to joint agreements between two or more financial institutions that comply with the requirements imposed by the regulations prescribed under section 6804 of this title, if the financial institution fully discloses the providing of such information and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of such information.
I don't believe it's legal for a Casino to provide your personal information with Griffin, SIN, Biometrica, or other casinos; however, if it were legal do these institutions maintain the confidentiality of such information or do they SELL it to another Casino? At the very least, isn't this clearly a violation of the law?
GLB Act 15 USC Subchapter II, Sec. 6821-6827 Fraudulent Access to Financial Information
Gramm-Leach-Bliley Act: Subchapter II: Fraudulent Access to Financial Information
Sec. 6821. Privacy protection for customer information of financial institutions
(a) Prohibition on obtaining customer information by false pretenses
It shall be a violation of this subchapter for any person to obtain or attempt to obtain, or cause to be disclosed or attempt to cause to be disclosed to any person, customer information of a financial institution relating to another person -
(1) by making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a financial institution;
(2) by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution; or
(3) by providing any document to an officer, employee, or agent of a financial institution, knowing that the document is forged, counterfeit, lost, or stolen, was fraudulently obtained, or contains a false, fictitious, or fraudulent statement or representation.
Private Investigator exclusion:
(g) Non-applicability to collection of child support judgments. No provision of this section shall be construed to prevent any State-licensed private investigator, or any officer, employee, or agent of such private investigator, from obtaining customer information of a financial institution, to the extent reasonably necessary to collect child support from a person adjudged to have been delinquent in his or her obligations by a Federal or State court, and to the extent that such action by a State-licensed private investigator is not unlawful under any other Federal or State law or regulation, and has been authorized by an order or judgment of a court of competent jurisdiction.(Pub. L. 106-102, title V, Sec. 521, Nov. 12, 1999, 113 Stat. 1446.)
Isn't this section of the law violated each time a Casino, Griffin, SIN, or Biometrica distributes false information which classifies you as a "cheat" when in fact all you are doing is using your brain to play the game of blackjack to the best of your abilities AND play by the rules set forth by the casinos themselves?
For any enterprising attorneys reading this, The FTC has established both administrative penalties as well as criminal penalties and will even pay a bounty as a percentage of what they collect for violations of the Gramm-Leach-Bliley Act as follows:
Sec. 6822. Administrative enforcement
(a) Enforcement by Federal Trade Commission, Except as provided in subsection (b) of this section, compliance with this subchapter shall be enforced by the Federal Trade Commission in the same manner and with the same power and authority as the Commission has under the Fair Debt Collection Practices Act (15 U.S.C. 1692 et seq.) to enforce compliance with such Act.(b) Enforcement by other agencies in certain cases
(1) In general, Compliance with this subchapter shall be enforced under –
(A) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of –
(i) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of the Comptroller of the Currency;
(ii) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 et seq., 611 et seq.), by the Board;
(iii) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System and national nonmember banks) and insured State branches of foreign banks, by the Board of Directors of the Federal Deposit Insurance Corporation; and
(iv) savings associations the deposits of which are insured by the Federal Deposit Insurance Corporation, by the Director of the Office of Thrift Supervision; and
(B) the Federal Credit Union Act (12 U.S.C. 1751 et seq.), by the Administrator of the National Credit Union Administration with respect to any Federal credit union.
(2) Violations of this subchapter treated as violations of other laws
For the purpose of the exercise by any agency referred to in paragraph (1) of its powers under any Act referred to in that paragraph, a violation of this subchapter shall be deemed to be a violation of a requirement imposed under that Act. In addition to its powers under any provision of law specifically referred to in paragraph (1), each of the agencies referred to in that paragraph may exercise, for the purpose of enforcing compliance with this subchapter, any other authority conferred on such agency by law.
Criminal penalties:
Sec. 6823. Criminal penalty
(a) In general, Whoever knowingly and intentionally violates, or knowingly and intentionally attempts to violate, section 6821 of this title shall be fined in accordance with title 18 or imprisoned for not more than 5 years, or both.
(b) Enhanced penalty for aggravated cases. Whoever violates, or attempts to violate, section 6821 of this title while violating another law of the United States or as part of a pattern of any illegal activity involving more than $100,000 in a 12-month period shall be fined twice the amount provided in subsection (b)(3) or (c)(3) (as the case may be) of section 3571 of title 18, imprisoned for not more than 10 years, or both.(Pub. L. 106-102, title V, Sec. 523, Nov. 12, 1999, 113 Stat. 1448.)
It is my sincere hope that this information will help stop the distribution of personal information among casinos and aid those who presently have litigation pending against a casino or Griffin Investigations.
Criminal penalties:
Sec. 6823. Criminal penalty
(a) In general, Whoever knowingly and intentionally violates, or knowingly and intentionally attempts to violate, section 6821 of this title shall be fined in accordance with title 18 or imprisoned for not more than 5 years, or both.
(b) Enhanced penalty for aggravated cases. Whoever violates, or attempts to violate, section 6821 of this title while violating another law of the United States or as part of a pattern of any illegal activity involving more than $100,000 in a 12-month period shall be fined twice the amount provided in subsection (b)(3) or (c)(3) (as the case may be) of section 3571 of title 18, imprisoned for not more than 10 years, or both.(Pub. L. 106-102, title V, Sec. 523, Nov. 12, 1999, 113 Stat. 1448.)
It is my sincere hope that this information will help stop the distribution of personal information among casinos and aid those who presently have litigation pending against a casino or Griffin Investigations.
Please log in or register to leave a comment