| Congress to Tighten Data-Broker Laws After US ID Breaches |
Congress to Tighten Data-Broker Laws After US ID Breaches
7:00 PM EDT August 1, 2005
WASHINGTON (AP)--Congress is preparing to tighten laws protecting consumers from identity theft amid several high-profile security breaches at companies such as industry giant ChoicePoint Inc. (CPS). Lawmakers said Congress could act on the measures as soon as next month.
"It's something people are concerned about," said Rep. Artur Davis, D-Ala. "I think voters are frustrated with the irrelevance of Congress dealing with everything except the things people are facing year in and year out."
Davis is sponsoring a bill to make data brokers, such as ChoicePoint and LexisNexis Group (LXN.XX), accountable to the same standards as financial institutions under the Fair Credit Reporting Act. It also sets guidelines for notifying customers and merchants when there is a likely security breach. Also sponsoring the measure are Reps. Melissa Bean, D-Ill., and Barney Frank, D-Mass.
Last week, the Senate Commerce Committee approved a version that effectively bans the commercial sale of Social Security numbers. That provision was by Sen. Byron Dorgan, D-N.D.
Although executives at ChoicePoint and other data brokers have indicated their support for notification standards at recent congressional hearings, they have been far more reluctant to endorse such a ban. Dorgan said it's necessary and cited 9 million cases of identity theft last year.
"Obviously there's some resistance to it," Dorgan said. "There are some pretty big interests that are buying and selling information who don't want anything like this in a piece of legislation. But if you're really serious about identity theft, you have to prohibit the sale of Social Security numbers."
Davis said he likes the idea, even though it isn't in his bill. His biggest gripe with the Senate version is that it creates one national standard for notification of breaches, rather than allowing states to set higher standards if they desire.
"My sense is I want to err on the side of the consumer," Davis said. "I want to give the consumer the information he or she needs. Consumers ought to be able to decide, 'You know what, this company has too many problems holding information for me to continue doing business with them."'
ChoicePoint didn't respond to requests Monday for the company's position on the legislation.
But Bruce Simpson, an analyst at Chicago-based brokerage and investment bank William Blair, said he expected most data brokers to oppose the Social Security sale ban.
Simpson said while the ban might raise some costs for the companies, it shouldn't be fatal to business. Social Security numbers are typically used as identifiers, so the companies would simply have to find another means, such as using birthdays.
"I think in general it's a rising tide lifting or lowering all boats," Simpson said. "It isn't as if you can go up to the big ChoicePoint jukebox and put a quarter in it and get someone's Social Security number."
In February, ChoicePoint disclosed that information from 145,000 customers may have been susceptible to theft. Bank of America (BAC), LexisNexis and other companies have also been called before Congress to talk about security breaches.
During one hearing, ChoicePoint vice president Don McGuffey warned that requiring the masking of Social Security numbers, using only a few numbers, could create "false positives," causing people to be mistaken for someone else.
However, McGuffey seemed to support calls for a national standard concerning whether the first five or last four digits should be published. |