Senate Turns Attention to Data Privacy


The Senate Judiciary Committee expects to vote next week on legislation
making it a crime for data brokers to conceal a security breach involving
personal data and increasing penalties for computer fraud when the act
involves personal data.


The bill adds legal bite to legislation already approved by the Senate
Commerce Committee in July requiring data brokers, government agencies and
educational institutions to disclose security breaches to consumers within
45 days if there is a “reasonable risk” of identity theft involved in the
breach.


The evidence of possible identity theft includes such factors as whether the
data containing sensitive information is usable by an unauthorized third
party and whether the data is in the possession of an unauthorized third
party that is likely to commit identity theft.


Although several bills similar to the Senate legislation have been
introduced in the House, that chamber has yet to get a bill through a
committee vote.


The Senate Judiciary Committee originally intended to vote on the data breach
disclosure law earlier this week, but the panel postponed the vote to focus
on the nomination of Judge John Roberts as Chief Justice of the Supreme
Court.


Currently, only California requires data brokers to reveal their breaches to
the public. Only because of that state law, brokers such as ChoicePoint began disclosing in January a series of breaches involving tens of millions of consumer files containing sensitive personal information.


Prior to the California disclosure law, data brokers admitted in testimony
before Congress they simply did not inform consumers of data breaches and
the resulting threat of identity theft.


Responding to the public outcry over the lack of disclosure imposed on data
brokers, Congress promised swift action on national legislation following
the California model. Although both the House and Senate held high-profile
hearings with much posturing for the voters back home, little has been
accomplished in terms of actual legislation.


With lawmakers hoping to conclude their 2005 business by the end of October
and another Supreme Court nomination soon to be before the Senate, time is
running short for any sort of data breach disclosure law in the first
session of the 109th Congress.


In addition to making it a crime to conceal a data breach, the legislation
before the Judiciary Committee limits the buying, selling or displaying of a
Social Security number without prior consumer consent. It also bars
government agencies from posting on the Internet public records that contain
Social Security numbers.


“Too many of my constituents feel they have lost control over their own
information. Congress must return some power to individual Americans so that
we can all better understand and manage what happens to our own personal
data,” Sen. Russell Feingold (D-Wis.) said when the bill was introduced.


Feingold noted the legislation also adds provisions to regulate the
federal government’s use of commercial data.


“While I believe the government should be able to access commercial
databases in appropriate circumstances, there are few existing rules or
guidelines to ensure this information is used responsibly,” he said. “There
is a great deal we do not know about government use of commercial data, even
in clearly appropriate circumstances such as when the agency’s goal is
simply to locate an individual already suspected of a crime.”


The bill requires that federal agencies that subscribe to commercial data
adopt standards governing its use.
