U.S. lawmakers push for data privacy legislation

Fallout from the ChoicePoint and LexisNexis data breaches continues

By Grant Gross

March 16, 2005 12:00 PM ET

Recommended

IDG News Service - Following the disclosure of two recent large-scale identity theft operations, the U.S. data brokerage industry will likely face new laws this year governing what personal data it can collect and share, several U.S. lawmakers said yesterday.
As the CEOs of ChoicePoint Inc. and a LexisNexis division looked on, nearly all the members of a House of Representatives subcommittee blasted the companies for collecting personal data and sharing it with other companies without telling the people whose data is being collected. Since mid-February, both companies have disclosed that identity thieves have stolen the personal information of tens of thousands of U.S. residents (see story).
Rep. Joe Barton (R-Texas), chairman of the House Energy and Commerce Committee, called such security breaches "intolerable," and he promised to look into legislation that would regulate data brokers, including a ban on the sale of Social Security numbers without the permission of the owner, except when needed by law enforcement.
In the Internet age, ID thieves have easy access to personal information such as bank records contained in huge databases operated by data brokers, said Barton. "Under current law, anyone has a near-perfect right to package your personal information and do almost anything they want with it," he said. "They can change it, share it, rent it or sell it. The constraints are so flimsy they're laughable."
The two companies' chief executives seemed to disagree, saying most of the personal information they collect is governed by the U.S. Fair Credit Reporting Act, which allows individuals to check their credit records and ask credit reporting agencies to make corrections.
A law that would prohibit almost all sales of Social Security numbers could hamper financial institutions investigating fraud, bill collection companies and law enforcement investigations, said Derek Smith, chairman and CEO of ChoicePoint, and Kurt Sanford, president and CEO of U.S. Corporate and Federal Government Markets at LexisNexis. In some cases, consumers may not give explicit permission for a data broker to share their Social Security numbers in transactions that benefit them, such as pre-employment background checks, Smith said.
Smith told lawmakers that his company provides a valuable service to lenders, insurance companies and even law enforcement agencies hunting criminals. ChoicePoint has done "some serious soul searching" since its breach and has decided that it should have acted more quickly, he said.
"Every advance in technology that makes our lives easier also makes it easier for our enemies to move swiftly against us," Smith said. "You and I can be approved for a bank account in a matter

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Legislation/Regulation

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.