A series of high-profile security breaches has prompted lawmakers to consider requiring companies to notify consumers if their personal information has been lost, stolen or otherwise released.
“The fact of the matter is that your buying habits, your bank accounts, your Social Security number, your driver's license - all of your personal data - today is being collected, collated, distributed, bought, sold - without your knowledge or consent,” said Sen. Dianne Feinstein, D-Calif., in a statement. Feinstein modeled national legislation after California's tough ID theft notification law, the only one of its kind in the country.
The bill is a beefed-up version of legislation she introduced in the last session of Congress. The bill outlines the requirements companies must follow to notify users of a security breach, allows consumers to put a seven-year fraud alert on their credit report and spells out stiff penalties for companies that don't follow the law.
The Senate Judiciary Committee last week heard comments from the Federal Trade Commission, FBI and Secret Service, privacy advocates and executives from LexisNexis and ChoicePoint, where security breaches made headlines and angered consumer advocates.
ChoicePoint President Douglas C. Curling told the committee, “Let me again offer our sincere apology to those consumers whose information may have been accessed by the criminals who perpetrated this fraud," according to TechWeb News. His company sent out 145,000 notices last year after personal information was sold to an identity theft ring posing as a legitimate business.
At LexisNexis, identify thieves accessed Social Security numbers, driver's licenses and other records of about 32,000 consumers last month.
The problems are not confined to private companies. The Government Accountability Office has recommended that the Internal Revenue Service strengthen security over taxpayer information. “Until IRS fully implements a comprehensive agencywide information security program, its facilities and computing resources and the information that is processed, stored and transmitted on its systems will remain vulnerable,” a GAO report reads.
Sen. Patrick Leahy, D-Vt., said at the hearing, "One of the most fundamental liberties of being an American is the right to be let alone. When you invade someone's privacy or treat it glibly, you trample on that liberty. That's why we need privacy, and that's why we should vigilantly protect it."