The Senate Commerce Committee Thursday moved on the identity and data theft protection bill put forward by its members, unanimously passing it to send the first such legislation to the full Senate.
The Identity Theft Protection Act, which was introduced by Sen. Gordon Smith (R-Ore.) and Sen. Bill Nelson (D-Fla.), requires data holders to notify consumers when data's stolen or lost; limits the trade in Social Security numbers; and gives Americans the option of freezing their credit histories to prevent thieves from opening credit lines using stolen identities.
Before passing, the bill was amended to further restrict Social Security disclosure by prohibiting the sale, purchase, or distribution of the numbers without the owner's permission.
The bill was the first in Congress to make it out of committee, although there are several other pieces of legislation awaiting votes in the Senate; the House is significantly behind in working up legislation to tackle the data breach brouhaha, which began earlier this year with the disclosure by ChoicePoint that fraudsters had been sold millions of consumer records.
Under the Commerce Committee's bill, businesses and other organizations which suffered a data loss would have to disclose it to the affected consumers, even if the data had been encrypted.