This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
The angry reactions to ChoicePoint's revelation that its database of personal consumer information had been compromised led politicians, in bandwagon fashion, to promise committee hearings and offer up improved legislation to enforce stricter privacy measures on companies dealing with consumer data. But maybe they're on to something. A recent survey revealed the deep ambivalence Americans have about computers' ability to safeguard such sensitive information as medical records. Sensing the potent
Politicians Target I.D. Theft
Just as information broker ChoicePoint Inc. finished sending notification letters last week to about 145,000 consumers whose personal data was placed at risk by con artists who gained access to the company's computers, the calls for more state and federal laws aimed at stemming the tide of identity theft got louder.
Senate Judiciary Committee chairman Arlen Specter, R-Pa., said he'll push for hearings soon on the issue of identity theft, and Democratic Sens. Dianne Feinstein of California, Patrick Leahy of Vermont, and Charles Schumer of New York called for new laws to help fight theft of personal data. "Our system of protecting people's identity is virtually nonexistent in this country," Schumer said at a press conference last week. "We have a patchwork of laws, some of them contradictory, most of them ineffective." He made those comments while criticizing information-broker Westlaw, a division of the Thomson Corp., for providing a service that makes it easy to access millions of Social Security numbers.
According to information on ChoicePoint's Web site, the company noticed potentially fraudulent activity in October and notified law enforcement in Los Angeles. Criminals using stolen identities posed as small businesses to gain access to ChoicePoint's information services. The scam enabled the fraudsters to obtain names, addresses, Social Security numbers, driver's license numbers, and in some cases "abbreviated" credit reports. In January, ChoicePoint said it was cleared by law enforcement to begin notifying California residents whose personal information had been stolen.
California is the only state with a law that requires organizations to notify residents when certain types of personal information is accessed by unauthorized people. Legislatures in New York and Texas have been considering enacting laws similar to California's SB 1386. Last week, following the ChoicePoint development, Georgia lawmakers started discussing that state's data disclosure law, and last month, Sen. Feinstein reintroduced a bill similar to California's on a federal level.
Such laws won't solve the problem, but they might help. "What we need here is companies being more secure with the information they handle," says Michael Overly, a technology attorney with law firm Foley & Lardner. While new laws won't stop such crimes, "companies will spend more on security because they won't want to go through this embarrassment." If the federal government doesn't pass a uniform law, companies could be forced to deal with a raft of state laws. "That would be a mess," Overly says.
A federal law also would force all companies to invest equally in security, says Bruce Schneier, founder and chief technology officer of Counterpane Internet Security Inc. "Federal regulation would even the [security-investment] playing field for all companies," Schneier says, so companies that do spend on security won't be at a financial disadvantage to those that don't.
-- George V. Hulme
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
The State of IT & Cybersecurity Operations 2020Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!