Media Room

Legal and Ethical Issues in Obtaining and Sharing Information

The obtaining and utilization of competitive intelligence is becoming increasingly important in the life insurance industry. The movement toward the integration of financial services is enhancing the demand for up-to-date, accurate information. The advent of electronic communication, i.e., facsimile, e-mail, and the Internet, has changed the way business is done. Because business can be completed more rapidly (even instantaneously), the demand for competitive intelligence is even greater than ever before. The purpose of this paper is to outline some of the legal and ethical issues that confront the life insurance industry in the process of obtaining competitive intelligence.

What is "competitive intelligence"? One definition would be any information that would help an insurer (or the seller of insurance) compete in the marketplace. Such information could include prices, sales practices, methods of delivery, costs of production, methods of product development, methods of compensation, utilization of information technology and other research capabilities, strategic plans, marketing plans and methods, as well as other information.

The legal and ethical issues resulting from the obtaining of competitive intelligence can be roughly divided into two areas. First, there are the problems that arise with the obtaining of competitive intelligence by competitors acting cooperatively. These can be characterized as antitrust or unfair competition issues. Second, there are the issues that arise when an insurer, or its agent, obtains information from public sources or from third parties. These issues include privacy, confidentiality, trade secrets, and both civil and criminal breaches of state and federal law.

We will first address the issues that arise in the context of the cooperative obtaining of information. Next we will turn to those issues that might arise by obtaining information in the public domain or from third parties. Finally, we will conclude by proposing a method whereby competitive intelligence gatherers can seek to avoid breaching either legal or ethical constraints.


OBTAINING INFORMATION COOPERATIVELY (ANTITRUST)

Much useful competitive intelligence can be gathered through the cooperative activity of competitors. However, the exchange of information that may have an effect upon competition in the marketplace must be approached with great caution because it might be perceived as evidence of an agreement or conspiracy in the restraint of trade.

In general, any conspiracy or collective activity which has the purpose or effect of fixing, stabilizing or tampering with prices is illegal under Section 1 of the Sherman Act on a per se basis, i.e., the court does not need to examine the effect on prices, the ability of the defendants to control prices, or other related considerations. However, in cases involving the exchange of cost and price information among competitors in trade associations, the Supreme Court has generally taken a rule of reason approach.

The general principles involved in this kind of analysis were established by the cases of American Column Co. v. United States, 257 U.S. 377 (1921), and Maple Flooring Mfrs. Ass’n v. United States, 268 U.S. 563 (1925). In American Column, the exchange of cost and price information by trade association members was held to violate the antitrust laws. The Supreme Court was able to infer from the detailed nature of the information provided, the means whereby the information was acquired, and the use to which the information was put (the projection of future prices) that an agreement to raise prices existed.

American Column was subsequently distinguished by the Maple Flooring case. In Maple Flooring, the Supreme Court held that there was no evidence of an agreement to raise prices or any evidence of an increase in prices as a result of the exchange of information. The Maple Flooring Manufacturers’ Association circulated to its members the price components of hard wood flooring; however, the parties to the individual transactions were not identified, the information reflected exclusively past transactions, and the information was available to consumers as well as members of the association. Even though the exchange of information by the association resulted in a stabilization of trade practices and price, the Supreme Court held that those restraints were not "unreasonable" and only became so in a competitive market situation when "improper use is made of that information through any concerted action which operates to restrain the freedom of action of those who buy and sell".

In United States v. Container Corp., 393 U.S. 333 (1969), the Supreme Court held that an exchange of pricing information which had resulted in stable prices was unlawful. The Court noted that the corrugated container industry is dominated by relatively few sellers, the product is fungible, the demand is inelastic, and, therefore, the exchange of price information tends to establish price uniformity and thereby have an anticompetitive effect.

The holdings of the above cases, and others interpreting them, is that an arrangement to exchange price information is per se illegal if there is evidence of an agreement to fix or stabilize prices. Absent such an illegal conspiracy or purpose, the exchange of information will be held to be an unreasonable restraint of trade if the activity has "an anticompetitive effect in the industry chilling the vigor of price competition".

An antitrust conspiracy can be established by a court on the basis of inference from the nature of the activity undertaken by competitors even if that activity itself does not establish an agreement or conspiracy. Accordingly, the danger exists that even though the information may be produced for a legitimate purpose, its use may appear to facilitate collusion.

A conclusion which can be drawn from American Column, Maple Flooring and Container (and the cases construing them) is that information which permissibly may be exchanged must be historical (i.e., related to prior transactions). There is wide agreement on this issue among authorities. The information exchanged should also be in a composite format so that individual company data is not revealed.

The insurance industry is subject to one of the several exemptions from the federal antitrust laws embodied in the McCarran-Ferguson Act, 15 U.S.C. § 1011 et seq. However, the McCarran exemption is quite narrow. It exempts conduct that constitutes "the business of insurance" but only to the extent that such conduct is "regulated by State law" and only so long as that conduct does not constitute an "agreement to boycott, coerce, or intimidate".

Obtaining competitively sensitive information, such as rate related information through a state regulated rating bureau, would fall within the McCarran exemption. However, to the extent that sensitive information is obtained outside the protection of a rating organization, the McCarran exemption would not apply. In other words, obtaining information from a rate filing or other public documents would not pose antitrust risk. Obtaining such information from an individual carrier could pose antitrust risk, particularly if such an exchange of information could lead to the inference that prices were being set as a result of collusive activity among competitors.

A further concern would be that the exchange of price information could result in collective action by insurers to engage in a "boycott" of non-cooperating insurers. A boycott or other action to enforce price collusion would fall outside the protection of the McCarran Act under the "boycott, coercion, or intimidation" exception.

A violation of the Sherman Antitrust Act can be a very serious matter. A violation is a felony which can be punished by up to three years in prison and a $350,000 fine for individuals and a $10 million fine for corporations. While the exchange of sensitive information among competitors may not necessarily produce a restraint on trade, it may produce the appearance of such a restraint and, therefore, is dangerous to the participants.

While not directly applicable, the Department of Justice and the Federal Trade Commission have cooperated in the development of standards embodied in the Statements of Antitrust Enforcement Policy in Health Care. The Guidelines acknowledge that surveys of competitive information can have benefits for consumers, but must be performed with appropriate safeguards. Statement 6 of the Guidelines references the following safeguards: (1) a survey must be managed by a third party, e.g., counsel, consultant, trade association, etc.; (2) the information must be at least three months old; (3) there are at least five entities (in this case, hospitals) providing information, and (4) the information is aggregated so it does not allow the recipients to identify the specific participant in the survey providing the sensitive information.

In sum, while some competitively sensitive information may be collected cooperatively, current information or information affecting the future, e.g., marketing plans, pricing, etc. presents a grave antitrust risk and should be avoided. To the extent that it is decided to collect such information, third party non-competitors, e.g., consultants, or counsel, should be utilized.

Of course, the nature of the information to be collected is significant. Price information or marketing strategies are highly sensitive because their exchange could lead to the inference that prices are being fixed or markets are being allocated. Other factors include the number of participants involved in the data sharing (the greater the number of participants, the less likely it is that a conspiracy can exist), the concentration of the market (a conspiracy is easier in a concentrated market), and the frequency of the information exchanges (a frequent exchange of information can lead to the inference that information is being exchanged in response to market conditions for the purpose of affecting market conditions).


INFORMATION COLLECTED FROM THIRD PARTIES (PRIVACY AND OTHER CONCERNS)

Much competitive intelligence is collected without the cooperation of competitors. Much competitive intelligence can be gleaned from information in the public domain through library research, newspaper articles, trade journals, and other publications. Both the state and federal governments mandate financial and other filings such as the SEC’s 10-K’s and 10-Q’s, which can be very informative. The federal Freedom of Information Act and state counterparts (which are commonly known as "Sunshine" acts or "Public Record" acts) can also provide a useful source of competitive information. The exponentially increasing utilization of the Internet by public libraries, universities, and, in particular, state and federal governments, has increased access to useful information.

Another source of information is data that can be purchased or rented from third party vendors. This information may include names, addresses, telephone numbers, mailing addresses, social security numbers, age information, health and medical data, and other personal or proprietary information. In particular, some information that is available by this method may have been acquired for one purpose and then sold or rented for another.

The utilization of personal information acquired in this manner is problematic for the competitive intelligence professional. The rules and regulations regarding the use of personal information cannot be found simply in a statute or an interpretive regulation. What has now become known as "information law" is a combination of non-statutory tort, property, and contract law in addition to statutory and regulatory law, such as the Fair Credit Reporting Act. Further complicating the life of the competitive intelligence professional is the fact that the use to which the information may be put may determine whether or not its use is lawful. In other words, information obtained for one purpose may be lawful, but if utilized for another purpose, may be illegal. The following is an overview of some of these issues.

Readily accessible factual data may be subject to copyright protection, which means that the owner of the copyright has the exclusive right to reproduce the copyrighted material. The copyright protection does not cover the factual information itself, rather it protects the work of the copyright holder in expressing, gathering, presenting, describing, or arranging the information. Lists of factual information where judgment is shown in the gathering of the factual data can be subject to copyright protection, e.g., a list to the best hotels or restaurants. Electronic databases that are accessible through the Internet are frequently copyrighted.

However, the Federal Copyright Act permits "fair use" of copyrighted material. The determination of what is "fair" involves a balancing test by a court which takes into consideration the nature of the copyrighted work, whether it is commercial or not, the amount of the work that is utilized by the non-copyright holder, and the effect of the use on the value of the copyrighted material.

In addition to federal copyright law, there are numerous state statutes and common law causes of action that need to be considered. For example, the Congress in 1986 adopted the Computer Fraud and Abuse Act, which prohibits unauthorized access to computer information. A majority of states have adopted computer crime statutes, as well.

Unauthorized access to confidential or copyrighted information can be protected by a variety of common law theories also. "Misappropriation" of information can be actionable as a tort under state law. More commonly, access to information (particularly electronic information) will be covered by a contract, the breach of which can be enforced. A common example would be a license agreement to buy software or to subscribe to a proprietary database.

The use of a "trade secret", even if it may have innocently come into the possession of a competitive intelligence professional, can be restricted. One definition of a "trade secret" is "any information that can be used in the operation of a business or other enterprise and that is sufficiently valuable to afford an actual or potential economic advantage over others". The holder of the trade secret must take adequate precautions to protect it because if it becomes public information, of course, it is no longer protected.

A trade secret is "property", and its acquisition by way of fraud, deceit, or breach of a contractual obligation is subject to civil damages and, in some cases, criminal action. A customer list, for example, can qualify as a "trade secret" if "reasonable" efforts are made to protect the list, the list has commercial value for its owner, and the list is not otherwise available in the public domain. However, a trade secret will not be protected from "reverse engineering", i.e., the examination of a product by its competitors to determine the method of production, ingredients, etc., involved in the product.

If an individual improperly obtains a trade secret, the individual can be subject to suit for damages based on a theory of misappropriation or unfair competition. Improper methods of acquisition would include theft, fraud, breach of contract, or unauthorized interception of communications. An individual who knowingly receives misappropriated information can also be held responsible.

The protection of personal information from discovery and disclosure, i.e., "privacy", has recently become a very important aspect of the debate in Congress regarding financial services reform. However, the popular concern regarding privacy dates back over three decades to the early 1970s. In 1971, the Congress passed the Fair Credit Reporting Act (FCRA), which was amended by Congress in 1996. In 1974, the Congress passed the Privacy Act of 1974 which governs the acquisition and disclosure of personal information by federal agencies.

The FCRA imposes standards and obligations on consumer reporting agencies for the purpose of making certain that the information which is obtained and reported is accurate and fair to the consumer. The FCRA contains the types of consumer protection that have been incorporated into subsequent consumer protection legislation, e.g., the right for an individual to obtain notice that their personal information is about to be obtained or disclosed and the right for the consumer to have access to his or her personal information and to take action and make sure that it is accurate.

Privacy legislation also was enacted at the state level. The National Association of Insurance Commissioners (NAIC) developed the Privacy Protection Act, which has subsequently been adopted in 16 states. The Privacy Protection Act requires insurers and insurance agents to provide applicants for insurance with information concerning what information is required, what information can be distributed, and how this might affect the applicant’s personal information. The insurer is generally required to obtain a signed authorization before information may be disclosed.

In September 1998, the NAIC adopted a new model act regarding privacy, the NAIC Health Information Privacy Model Act. The new model applies to all lines of insurance, but is limited to health information. The Act has not yet been adopted by any states.

Congress, in part, addressed the issue of health insurance confidentiality in the Health Insurance Portability and Accountability Act of 1986 (HIPAA). HIPAA mandates that the Secretary of Health and Human Services issue regulations regarding health information privacy standards if Congress has failed to do so no later than August 1999. This has prompted the introduction of numerous bills in the Congress, which are now working their way through the legislative process.

The issue of customer information privacy is one of the thorniest issues in the ongoing Congressional debate over the reform of the laws governing the financial services industry. This legislation, which will affect the future of the banking, insurance, and securities industries in the United States, is being held up by the politically volatile issue of consumer privacy rights. While all sides acknowledge that consumer privacy is important, the banking, insurance and securities industries are advocating that the right to "cross sell" is essential to the integration of financial services, which, in turn, should benefit consumers through better access to financial products and lower prices.

A focus of the debate relates to consumer behavior. Consumer advocates want to give consumers the option to have to affirmatively "opt-in", i.e., sign a consent form, to permit information to be conveyed to a third party. Most financial service companies vigorously oppose an "opt-in", particularly for inter-affiliate transfers of information, but, in most cases, could live with an "opt-out" arrangement, where the consumer would affirmatively have to prohibit the transfer of his information.

One of the strongest arguments supporting financial service reform is that the United States will lose its position of supremacy in the financial services marketplace unless it can modernize to keep up with its European and Asian competitors, which are not hindered by the separation of commerce and banking imposed by the Glass-Steagall Act, which has been the law of the United States since the Great Depression. However, the European Union is well ahead of the United States in regard to the uniformity of its privacy safeguards. The European Union has issued a Directive which restricts the disclosure of personal information outside the European community unless the recipient country has comparable privacy safeguards. The United States Department of Commerce is in discussions now with the European community to convince the Europeans that the United States, in practice, observes such safeguards. In sum, financial service reform legislation and the need to coordinate privacy policy with that of the European community will place pressure on the federal and state governments to enhance and coordinate privacy legislation, regulations and enforcement.


CONCLUSION

Determining whether the acquisition of competitive intelligence or its use violates a legal or ethical standard is complicated. There are overlapping and occasionally inconsistent federal, state, and common law constraints. The final page of this paper is a chart which suggests the questions that need to be asked to determine whether or not competitive intelligence may be utilized.

As noted above, the competitive intelligence professional must start by determining if the information was obtained cooperatively with a competitor or whether it was obtained from a third party. He or she must then determine issues such as the nature of the information, whether it is personal or private, how the information was obtained, the use to which the information would be put, and then determine if any specific statutes or common law principles have been violated.