Senate Debating Data Privacy Changes


WASHINGTON — Unless Congress takes quick action against identity theft, Americans will soon find all their personally identifiable information up for sale or in the hands of ID thieves.

That’s the sentiment of U.S. Sen. Bill Nelson (D-Fla.). He and Charles Schumer (D-N.Y.) want data brokers such as ChoicePoint and LexisNexis to be regulated in the same manner as credit bureaus.


“We must mandate that companies must reasonably protect this information
collected on virtually every American,” Nelson said. “As a result of what we’ve seen so far, if we don’t do something none of us are going to have any identity left.”

Their goal in co-sponsoring new legislation is to require notification to consumers when their data is compromised and crack down on the sale of Social Security numbers.

Nelson’s comments came Tuesday as the Senate Commerce Committee began the first of a
series of hearings on private data companies that currently have little
oversight and few rules that protect public privacy. Hearings are already
underway in other Senate and House committees.


“This is a very serious thing with several bills already introduced in
Congress. It’s going to be a very difficult thing to handle,” Chairman Ted
Stevens (R-Alas.) predicted.


As they have in three previous appearances before Congressional panels this
year, executives from ChoicePoint and LexisNexis headlined Tuesday’s hearing. And, as before, they again apologized for their companies’ well-publicized data breaches while touting their strengthened security measures.


“Even if they [ChoicePoint and LexisNexis] improve their business practices,
there are still hundreds of smaller data brokers who have no incentive to
change their ways since there is no law governing their behavior,” Stevens
said.

Tuned into the current Capitol Hill clamor for federal action, both
companies said they support a data breach disclosure law as long as it
pre-empts any existing state laws. If forced to accept regulations, the
companies prefer to deal with one federal standard as opposed to a patchwork
of state laws.


Data breach disclosure to consumers is an integral part of the proposed bill
by Nelson and Schumer, as well as legislation sponsored by Sen. Dianne
Feinstein (D-Calif.).


“We desperately need a strong national standard that says whenever a data
system is breached, everyone who is at risk of identity theft must be
notified,” Feinstein told the Senate
Judiciary Committee last month.


While Feinstein’s bill focuses solely on data breach disclosure
requirements, Nelson supports giving the Federal Trade Commission (FTC) the
power to develop regulations on the sale of data by brokers. The bill would
also allow the FTC to fine violators and give consumers and states the right
to civil actions against data brokers who compromise a consumer’s personal
data.


Both Nelson and Feinstein base parts of their legislation on a recently
enacted California law requiring data brokers to inform residents if
their personal data is exposed to possible ID theft.


Both ChoicePoint and LexisNexis admitted
last month to unreported data breaches prior to the passage of the
California law.


“Without the California statute, we wouldn’t know about any of this,” Nelson
said.

News Around the Web