Congress offers competing ideas on fighting ID theft

IDG News Service - WASHINGTON -- Several U.S. senators pushed for new identity theft regulations on U.S. businesses, but a number of conflicting ideas were presented at a hearing yesterday, including a proposal requiring licensing of companies that sell personal data.
U.S. companies reported that 9.6 million personal records have been lost since early February, prompting members of the Senate Commerce, Science and Transportation Committee to say they're ready to act, although they have competing ideas of what to do.
"If this isn't an eye-opening threat to Americans' privacy, then I don't know what is," said Sen. Bill Nelson (D-Fla.), a co-sponsor of a wide-ranging ID theft bill. "Consumers are losing trust in our system of electronic commerce."
A survey released Wednesday by the Cyber Security Industry Alliance advocacy group seemed to support Nelson's concern. Of 1,003 likely voters surveyed, 97% said identity theft is a serious problem. Forty-eight percent indicated that they avoid making purchases on the Internet because they are afraid their financial information may be stolen. Seventy-one percent of those surveyed said new laws are necessary to protect consumer privacy on the Internet.
Beyond the 20-plus bills in Congress that deal with ID theft in some way, committee members came up with more ideas at the hearing. Sen. Conrad Burns (R-Mont.) suggested that all so-called data brokers -- businesses that sell personal data -- be licensed by the government. Data broker ChoicePoint Inc.'s disclosure in February that it had given data on 145,000 U.S. residents to ID thieves was the first in a series of large-scale data breaches this year (see story).
"I'm coming down on the side of [saying that] anybody who collects information has to have a license to do so, or is outside the law and should be shut down," Burns said. "I think they need to have some reasonable license that gives them guidelines to do business in this arena."
Some senators pushed for a national law that would require businesses that have data breaches to inform potential victims, but witnesses disagreed on what form such a law should take. William Sorrell, the attorney general of Vermont, urged the committee to pass a national data-breach notification law that wouldn't preempt tougher state laws.
State law enforcement officials can help investigate and prosecute ID thieves, he said, and states can pass "innovative" laws to protect consumers, such as recent laws passed by seven states that allow consumers to freeze credit to prevent new accounts from being opened in their names. A national law shouldn't preempt those laws, he

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.