In late June, Sens. Arlen Specter (R-Pa.) and Patrick Leahy (D-Vt.) introduced a new bill--S.1332, Personal Data Privacy and Security Act of 2005. This sweeping legislation raises the punishments for identity theft and stipulates security measures for protecting Personally Identifiable Information (PII) and Social Security numbers.
Among other things, the new bill requires enterprises with PII on more than 10,000 customers to implement a security and auditing plan and to notify customers nationwide when there is a suspected security breach.
You didn't need a crystal ball to see a bill like this coming, and it's high time, too. The number of lost or stolen personal records this year alone exceeds 49 million, which means millions of people may be victims of identity theft.
The proposed legislation could be stronger. For example, we'd like to see it applied not just to large corporations but to companies with as few as 1,000 PII records. And at this point, there's no guarantee this particular bill will pass. But rest assured that Congress will enact legislation on this topic--sooner or later.