With growing evidence that Americans want new data privacy laws, the U.S.
Senate opens a series of hearing today on legislative solutions to data
breaches and identity theft.
Thursday’s full Senate Commerce Committee hearing will not
specifically address any of the several bills introduced in the 109th
Congress, which combat identity theft and force data brokers to disclose
breaches of personal information to consumers.
Instead, the panel will hear from all five members of the Federal Trade
Commission, which most likely would be charged with enforcing any new data
privacy laws. Vermont Attorney General William Sorrell will also be
representing the National Association of Attorneys General.
The hearing comes just one day after the release of an Entrust survey showing 71 percent of Americans believe new laws are
needed to protect consumer privacy on the Internet.
“The results of this survey should serve as a wake-up call to policy-makers
and business leaders,” Entrust CEO Bill Conner said in a statement. “Voters
view identity theft as a white hot issue and want the government to protect
them. In the interim, they are voting with their keyboards by curtailing
their online transactions.”
According to the survey of 1,003 likely U.S. voters, 97 percent of the
respondents rate identity theft as a serious problem, with 48 percent saying
they now avoid online purchases out of fear of their financial data being
stolen.
Conner urged Congress to enact a uniform national breach notification law
for unauthorized acquisition of unencrypted personal information.
Momentum is growing for a national data breach disclosure in the wake of
numerous disclosures this year of data brokers, banks and universities
losing or exposing the personal information of millions of consumers.
The disclosures would not have come to light except for a new California law
that requires a business or government agency to notify an individual in
writing or by e-mail when it is believed that unencrypted personal
information has been compromised.
The success of the California law is prompting a number of states to pursue
the legislation. In the face of the apparent inevitability of numerous
state laws, technology lobbyists are now pursuing a national disclosure law
that would pre-empt all state laws.
California Democrat Dianne Feinstein, a member of the Senate Commerce Committee, is
expected to push her two-year-old legislation that goes beyond the
requirements of the California state law.
Feinstein’s bill seeks to force businesses and governments to disclose data
breaches of both unencrypted and encrypted data. The legislation proposes a
$1,000 per individual civil fine for failure to notify or not more than
$50,000 per day while the failure to notify continues.
Feinstein’s bill makes only two exceptions to notifying consumers of a data
breach: by the written request of law enforcement for the purposes of a
criminal investigation and for national security purposes.
“We desperately need a strong national standard that says whenever a data
system is breached, everyone who is at risk of identity theft must be
notified,” Feinstein said in a statement. “The fact of the matter is that
your buying habits, your bank accounts, your Social Security number, your
driver’s license — all of your personal data — today is being collected,
collated, distributed, bought, sold, without your knowledge or consent.”
Entrust’s Conner said Wednesday private businesses should be as concerned as
lawmakers.
“Organizations that depend on online transactions risk financial loss and
brand erosion unless they act quickly to protect sensitive information both
in transit and at rest,” Conner said. “They must deploy blended security
applications that make use of strong authentication and encryption
technologies.”