With high-profile breaches at data providers ChoicePoint and LexisNexis and loss of data at retailers DSW Shoe Warehouse and Polo Ralph Lauren, lawmakers are proposing legislation to stem the flow of personal information.
Proposals include a Federal Trade Commission office of identity theft and a requirement that data providers to register with the FTC. Other provisions would institute safeguards to prevent fraudulent access to data and give consumers access and the option to fix errors, MSN Money reported.
New York Attorney General Eliot Spitzer called Monday for state legislation aimed at reducing identity theft through regulation of data brokers, consumer opt outs, mandatory data breach disclosure and tougher penalties for identity thieves and hackers, among other provisions, MSN Money reported.
The legislative rally cries came as data brokers ChoicePoint and LexisNexis assured the public that they have corrected the errors that led to the breaches. However, consumers are urged to be wary, MarketWatch reported.
At best consumers are notified that a possible breach may have occurred, which compromises their personal information. That still leaves the consumer to clean up the mess created when thieves use their data illegally.
Consumers would also be surprised at what information is not covered by law. While the Fair Credit Reporting Act and other laws guide and limit companies dealing in credit-report, financial-services or health-related data-and provide consumer safeguards should a theft occur in that realm-there's plenty of other information, including your Social Security number, that's not necessarily covered by law, MarketWatch reported.
"There's a big disjoint between what the public perceives as being confidential and secret, and what is actually public information," Bradley Gross, an Internet fraud expert and a partner at Becker & Poliakoff, a law firm in Fort Lauderdale, FL, told MarketWatch.
"There is a tremendous overlap between what is public and what people consider to be confidential.”