RealTime IT News

Bill Targets Trafficking in Social Security Numbers

U.S. Senators Arlen Specter (R-Pa.) and Patrick Leahy (D-Ver.) introduced legislation Wednesday targeting data brokers and their methods of collecting and securing the personal information of Americans.

Spector, chairman of the Senate Judiciary Committee, and Leahy, the ranking Democrat on the panel, are seeking a national data breach disclosure law in addition to limiting the online trade in Social Security numbers.

The Personal Data Privacy and Security Act of 2005 introduced Wednesday comes more than two months after Specter's committee heard testimony on the rash of data breaches since the beginning of the year.

Just a week before the legislation was introduced, CardSystems, a company that services credit cards for MasterCard International, Visa and other brands, admitted to potentially exposing information about more than 40 million cardholders.

"We are in a field of phenomenal electronic advances," Specter said at a Capitol Hill press conference. "We are now seeing breaches in the security of those advances, and it has become a matter of serious consequence for our individual privacy and law enforcement."

The bill requires businesses that maintain personal data to give notice to individuals and law enforcement when they experience a breach involving sensitive personal data. In addition, it limits the buying, selling or displaying of a Social Security number without consent of the number's owner.

Further, the legislation prohibits companies from requiring individuals to use Social Security numbers as their account numbers and places limits on when companies can force individuals to turn over those numbers in order to obtain goods or services.

"It is time for Congress to catch up with the data market and to show the American people that we are aware of these threats and will protect the privacy and security of their personal information," Leahy said.

The legislation also boosts criminal penalties for identity theft involving personal data and adds fraud involving unauthorized access to personal data as a predicate offense for RICIO charges.

"Our laws need to keep pace with technology," said Leahy. "Insecure databases have become low-hanging fruit for hackers looking to steal identities and commit fraud during a time when we are seeing a troubling rise in organized rings that target personal data to sell in online, virtual bazaars."

Private sector companies are not the only entities dealing in personal data to be by targeted by the Specter-Leahy legislation. It requires the government to establish rules protecting privacy and security when it uses data broker information.

"Reforms like these are long overdue. This issue and our legislation deserve to become a key part of this year's domestic agenda so that we can achieve some positive changes in areas that affect the everyday lives of Americans," Leahy said.

The Specter-Leahy bill joins an already crowded field of Senate proposals about data breaches. Senators Dianne Feinstein (D-Calif.) and and Charles Schumer (D-Calif.) already have bills waiting for hearings by either the Judiciary Committee or the Commerce Committee.