WASHINGTON — Trumped by a long series of bankruptcy reform floor
votes, the Senate Banking Committee disappointed a jammed hearing room waiting to
hear ChoicePoint and Bank of America executives testify about their
embarrassing security gaffes.
The inquiry was postponed Thursday, mid-meeting.
With key votes coming at a rate of several an hour, the well- publicized
ID
theft hearing began late, was interrupted twice for votes and
ultimately
called off until a still undetermined date. Even when in session, the
Banking Committee never had more than three senators in attendance to
hear
the testimony of Federal Trade Commission (FTC) Chairman Deborah
Majoris and
officials from the Secret Service.
Those that did show, however, took ample opportunity to blast
ChoicePoint
and Bank of America for their security practices and none more so than
Charles Schumer (D-N.Y.), Patrick Leahy (D-Vt.) and John Corzine
(D-N.J.).
Schumer used his brief appearance to tout the “comprehensive” privacy
legislation he intends to introduce next week.
“In my mind, what bank robbery was to the Depression Era, identity
theft is
to the Information Age,” Schumer said. Saying that Congress needs to
learn
from the example of ChoicePoint to “replace the current patchwork of
state
and federal laws with a real security blanket — one that protects
privacy,
keeps Social Security numbers private, and prevents fraud and identity
theft.”
Schumer said his legislation would create an Office of Identity Theft
in the
FTC to have jurisdiction over companies that lawfully acquire and keep
personal consumer data. The bill will also call for companies to
demonstrate
a need for customers’ personal information before requiring it from
them.
Corzine also promised new legislation.
“Make no mistake about it, identity theft poses a very real threat to
our
economy and it is on the rise,” Corzine said. “In fact, it’s our
nation’s
fastest growing crime. And last year, identity theft complaints to the
Federal Trade Commission grew by 50 percent since 2002. With so many
instances of fraudsters seeking to abuse an individual’s good name, it
is
clear that more must be done to prevent the proliferation of identity
theft.”
The Corzine bill would require companies, including financial
institutions
and other commercial entities such third-party data collectors like
ChoicePoint to establish security systems that safeguard the sensitive
personal information they maintain for, or on behalf of, their
customers.
As part of that requirement, the company’s chief compliance officer, or
its
CEO, would be required to personally attest that the safeguards are in
place
and that the firm has an ongoing system of monitoring its compliance
with
federal guidelines.
Additionally, the bill also addresses victim notification and recovery
efforts by requiring firms to promptly notify affected customers,
credit
reporting agency and law enforcement when a breach, or loss, of
sensitive
customer information has occurred.
The Alpharetta, Ga.-based ChoicePoint, one of the country’s largest
data
warehouses, compiles data, including Social Security numbers and credit
reports, on virtually every American. In February, the company admitted
it
had been a victim of a criminal fraud, duped into turning over consumer
personal information.
Days later, Bank of America confirmed that computer data tapes
containing
U.S. federal government charge card program customer and account
information
were lost during shipment to a backup data center. The missing tapes
included personal information on 1.2 million federal employees.
“We know understand that this type of transport was routine, not only
for
Bank of America, but for the entire industry,” Leahy said.
“ChoicePoint’s bread-and-butter business includes identity verification
and
screening to help corporate America ‘know its customers.’ Yet
the company failed to know its own customers and sold personal
information on at least 145,000 Americans to criminals posing as legitimate
companies.”
ChoicePoint officials did not get an opportunity to testify at the hearing.