Senate Ponders National ID-Theft Notification - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Senate Ponders National ID-Theft Notification

The Senate Judiciary Committee held a hearing Wednesday on identity theft as it took up legislation introduced this week by Sen. Dianne Feinstein, D-Calif., who hopes to beef up federal laws and bring to everyone the protection currently enjoyed only by Californians.

The Senate Judiciary Committee held a hearing Wednesday on identity theft as it took up legislation introduced this week by Sen. Dianne Feinstein (D-Calif.), who hopes to beef up federal laws bring to everyone the protection currently enjoyed only by Californians.

The committee's hearing Wednesday morning included testimony from Deborah Platt Majoras, the chairman of the Federal Trade Commission (FTC), officials from the FBI and Secret Service, representatives from privacy advocacy groups, and executives from ChoicePoint and LexisNexis, firms that sold identities to fraudsters and had a database hacked, respectively.

"In the past few months, we have become aware of a string of major security breaches involving large firms such as ChoicePoint, Bank of America, and Seisint, a LexisNexis subsidiary," said Sen. Patrick Leahy (D-Vt.) in opening the hearing. "These incidents demonstrate the susceptibility of our most personal data to relatively unsophisticated scams and logistical mishaps, and they raise broader concerns about the misappropriation of personal information and identity theft."

Judiciary is taking testimony as it begins to consider Feinstein's newest ID Theft Notification Bill, an overhaul of similar legislation she introduced in the last session of Congress, and trumpeted in February. "After additional discussions with privacy rights advocates, it became clear that much more needed to be done to protect Americans," Feinstein said in a statement as she explained why she strengthened the bill.

Based on California's Security Breach Information Act, which requires companies to notify users when identity data has been exposed, Feinstein's version closes several loopholes in the California statute.

Her bill covers both electronic and non-electronic data, as well as encrypted and non-encrypted data, lets consumers put a seven-year fraud alert on their credit report, lays out the specific requirements companies must meet when they notify users, and levies stiffer penalties for non-compliance.

California's law -- the only one of its kind in the country -- doesn't cover encrypted data, for instance, and leaves the details of notification to the companies whose information has been hijacked.

"We desperately need a strong national standard that says whenever a data system is breached, everyone who is at risk of identity theft must be notified," said Feinstein.

Among those supporting a national notification law was Douglas C. Curling, the chief operating officer and president of ChoicePoint, the firm which in February sent 145,000 notifications to people in 50 states whose personal information may have been sold to con artists last October.

Still chastised by the scandal, Curling said "Let me again offer our sincere apology to those consumers whose information may have been accessed by the criminals who perpetrated this fraud," at the start of his prepared statement to the committee.

"One of the most fundamental liberties of being an American is the right to be let alone," added Sen. Leahy. "When you invade someone's privacy or treat it glibly, you trample on that liberty. That's why we need privacy, and that's why we should vigilantly protect it."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll