New Bill Proposes Tougher Punishments for Identity Theft
The Personal Data Privacy and Security Act would require enterprises with more than 10,000 customers to implement a security and auditing plan and to notify their patrons when there is a suspected breach.
In late June, Sens. Arlen Specter (R-Pa.) and Patrick Leahy (D-Vt.) introduced a new bill--S.1332, Personal Data Privacy and Security Act of 2005. This sweeping legislation raises the punishments for identity theft and stipulates security measures for protecting Personally Identifiable Information (PII) and Social Security numbers.
Among other things, the new bill requires enterprises with PII on more than 10,000 customers to implement a security and auditing plan and to notify customers nationwide when there is a suspected security breach.
You didn't need a crystal ball to see a bill like this coming, and it's high time, too. The number of lost or stolen personal records this year alone exceeds 49 million, which means millions of people may be victims of identity theft.
The proposed legislation could be stronger. For example, we'd like to see it applied not just to large corporations but to companies with as few as 1,000 PII records. And at this point, there's no guarantee this particular bill will pass. But rest assured that Congress will enact legislation on this topic--sooner or later.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.