RealTime IT News

ChoicePoint ID Theft Stirs Up Congress

The ChoicePoint ID theft scandal resonated through Congress this week with calls for hearings, investigations and new legislation to better protect the information collected by private data brokers.

Last week, ChoicePoint said it had been a victim of a criminal fraud in which the company was duped into releasing personal data on approximately 145,000 U.S. citizens in all 50 states.

ChoicePoint is now in the process of notifying all of the potential victims who could become targets of ID theft. The Alpharetta, Ga.-based company, one of the country's largest data warehouses, compiles data, including Social Security numbers and credit reports, on virtually every American.

Congress was on vacation this week, but the ChoicePoint situation sparked outcries and calls for stronger privacy protection action from lawmakers when they return to business next week.

Sen. Patrick Leahy of Vermont, the Democrats' ranking member on the Senate Judiciary Committee, immediately requested a series of hearings on private data companies that have little oversight and few rules that protect public privacy.

Sen. Diane Feinstein (D-Calif.) used the ChoicePoint incident to promote legislation she has already introduced. It is modeled on a California law that requires data collection companies to notify affected individuals if there is a breach in their data system. California is the only state to have such a law.

Florida Democrat Bill Nelson said he would introduce legislation in the Senate that would extend the provisions of the Fair Credit Reporting Act to commercial data brokers.

"New technologies, new private-public domestic security partnerships, and the rapid rise of giant information brokers that collect and sell personal information about each and every American have all combined to produce powerful new threats to privacy," Leahy said in a statement. "It's time to turn some sunshine on these developments so the public can understand how and why their personal information is being used."

Pennsylvania Republican Arlen Specter, the chairman of the Judiciary Committee, quickly agreed to the hearings. Although no date has been set for the hearings, Leahy spokesman David Carle said, "It's all moving fairly quickly now."

In his letter to Specter requesting the hearing, Leahy, a longtime technology champion, said advances in data collection and analysis have "enhanced our law enforcement and homeland security efforts, as well as made our lives more convenient and enjoyable These advances also present new challenges that require vigilant congressional scrutiny."

Leahy added, "We need to master these technological advances rather than allow them to master us. Recent events indicate that we are in danger of losing this struggle."

Feinstein said she has three bills that would give consumers greater control over their personal data.

"The ChoicePoint situation is perhaps the biggest indication of the vulnerability and lack of protection of individuals' personal data," Feinstein said in a statement. "As a result, identity theft incidents are escalating into the hundreds of thousands at a given time."

Feinstein wants to expand the California law into federal legislation that would require data collection companies to obtain consumers' consent before selling sensitive personal data. She also wants to prohibit the sale or display of Social Security numbers to the general public without individuals' knowledge and consent.

In addition, the bill would bar government agencies from displaying Social Security numbers on public records that are posted on the Internet as well as prohibit the printing of Social Security numbers on government checks.

"The only way to fix the situation is with federal legislation because we need an even playing field in every state. It is my hope that this incident will accelerate action and lead to greater protection of personal data," Feinstein said.

Sen. Charles Schumer (D-N.Y.) also lamented the ChoicePoint situation but broadened the scope of data collection firms not properly protecting information to Westlaw, a Minnesota-based data search company. According to Schumer, Westlaw's Internet-based People-Find service provides Social Security numbers to anyone willing to pay a fee.

"Westlaw's People-Find service might as well be the first chapter of 'Identity Theft for Dummies.' Criminals no longer need to forage through dumpsters for discarded bills -- they just need to send Westlaw a check and they're in the identity theft business," Schumer said in a letter to Westlaw President Peter Warwick. "Any Westlaw user who pays for your People-Find database can obtain the Social Security number of virtually any person in the United States."

Schumer wants Westlaw to disable the service until he introduces legislation to "plug these egregious loopholes allowing millions of Social Security numbers to be on the Internet."

Schumer said a constituent who works for the federal court system brought the Westlaw People-Find feature to his attention. According to Schumer, private companies subscribe to the service and have access to Social Security numbers.

"When I called Westlaw, I learned that this service is available to anyone who is willing to pay for it, regardless of their need for it and without cursory background checks. Westlaw relies on an on-your-honor affirmation by users that they will not use the information they find illegally," Schumer said.

Schumer added in a press statement, "Rather than receiving assurances that the problem would be remedied, my office received a letter from Westlaw's legal representation that failed to address the central issue -- that there are no real standards for keeping sensitive personal data out of the wrong hands."