The ChoicePoint ID theft scandal resonated through Congress this week with
calls for hearings, investigations and new legislation to better protect the
information collected by private data brokers.
Last week, ChoicePoint said it had been a victim of a criminal fraud in which the company was duped into releasing personal data on approximately 145,000 U.S. citizens in all 50 states.
ChoicePoint is now in the process of notifying all of the potential victims who could become targets of ID theft. The Alpharetta,
Ga.-based company, one of the country’s largest data warehouses, compiles
data, including Social Security numbers and credit reports, on virtually
every American.
Congress was on vacation this week, but the ChoicePoint situation
sparked outcries and calls for stronger privacy protection action from
lawmakers when they return to business next week.
Sen. Patrick Leahy of Vermont, the Democrats’ ranking member on the Senate
Judiciary Committee, immediately requested a series of hearings on private
data companies that have little oversight and few rules that protect public
privacy.
Sen. Diane Feinstein (D-Calif.) used the ChoicePoint incident to promote
legislation she has already introduced. It is modeled on a California law that requires data collection companies to notify affected individuals if there
is a breach in their data system. California is the only state to have such
a law.
Florida Democrat Bill Nelson said he would introduce legislation in the
Senate that would extend the provisions of the Fair Credit Reporting Act to
commercial data brokers.
“New technologies, new private-public domestic security partnerships, and
the rapid rise of giant information brokers that collect and sell personal
information about each and every American have all combined to produce
powerful new threats to privacy,” Leahy said in a statement. “It’s time to
turn some sunshine on these developments so the public can understand how
and why their personal information is being used.”
Pennsylvania Republican Arlen Specter, the chairman of the Judiciary
Committee, quickly agreed to the hearings. Although no date has been set for
the hearings, Leahy spokesman David Carle said, “It’s all moving fairly
quickly now.”
In his letter to Specter requesting the hearing, Leahy, a longtime
technology champion, said advances in data collection and analysis have
“enhanced our law enforcement and homeland security efforts, as well as made
our lives more convenient and enjoyable These advances also present new
challenges that require vigilant congressional scrutiny.”
Leahy added, “We need to master these technological advances rather than
allow them to master us. Recent events indicate that we are in danger of
losing this struggle.”
Feinstein said she has three bills that would give consumers greater control
over their personal data.
“The ChoicePoint situation is perhaps the biggest indication of the
vulnerability and lack of protection of individuals’ personal data,”
Feinstein said in a statement. “As a result, identity theft incidents are
escalating into the hundreds of thousands at a given time.”
Feinstein wants to expand the California law into federal legislation that
would require data collection companies to obtain consumers’ consent before
selling sensitive personal data. She also wants to prohibit the sale or
display of Social Security numbers to the general public without
individuals’ knowledge and consent.
In addition, the bill would bar government agencies from displaying Social
Security numbers on public records that are posted on the Internet as well
as prohibit the printing of Social Security numbers on government checks.
“The only way to fix the situation is with federal legislation because
we need an even playing field in every state. It is my hope that this
incident will accelerate action and lead to greater protection of personal
data,” Feinstein said.
Sen. Charles Schumer (D-N.Y.) also lamented the ChoicePoint situation but
broadened the scope of data collection firms not properly protecting
information to Westlaw, a Minnesota-based data search company. According to
Schumer, Westlaw’s Internet-based People-Find service provides Social
Security numbers to anyone willing to pay a fee.
“Westlaw’s People-Find service might as well be the first chapter of
‘Identity Theft for Dummies.’ Criminals no longer need to forage through
dumpsters for discarded bills — they just need to send Westlaw a check and
they’re in the identity theft business,” Schumer said in a letter to Westlaw
President Peter Warwick. “Any Westlaw user who pays for your People-Find
database can obtain the Social Security number of virtually any person in
the United States.”
Schumer wants Westlaw to disable the service until he introduces legislation
to “plug these egregious loopholes allowing millions of Social Security
numbers to be on the Internet.”
Schumer said a constituent who works for the federal court system brought
the Westlaw People-Find feature to his attention. According to Schumer,
private companies subscribe to the service and have access to Social
Security numbers.
“When I called Westlaw, I learned that this service is available to anyone
who is willing to pay for it, regardless of their need for it and without
cursory background checks. Westlaw relies on an on-your-honor affirmation by
users that they will not use the information they find illegally,” Schumer
said.
Schumer added in a press statement, “Rather than receiving assurances that
the problem would be remedied, my office received a letter from Westlaw’s
legal representation that failed to address the central issue — that there
are no real standards for keeping sensitive personal data out of the wrong
hands.”