http://www.wired.com/news/politics/0,1283,69525,00.html By Ryan Singel Nov. 10, 2005 Despite the seemingly unending torrent of citizens' data pouring into the hands of identity thieves, Congress is unlikely to pass any data-security bills by the end of the year, according to Hill watchers. And consumer advocates say that's a good thing. After the nationwide uproar when ChoicePoint admitted it sold 145,000 dossiers to Nigerian identity thieves, 20 states followed California's lead and passed laws requiring companies to notify citizens when their data had been compromised. Now, companies are already acting as if the country had a national notification law, said Gail Hillebrand, a senior attorney at Consumers Union [1]. In addition, Hillebrand said the strict state laws are more consumer-friendly than any proposals in Congress. "I would rather see Congress fail to act than pass a weak federal bill that gives less notice than consumers are already getting due to stronger state laws," Hillebrand said. Chris Hoofnagle, director of the Electronic Privacy Information Center West [2], echoed Hillebrand's assessment, adding that as new state laws go into effect in the beginning of 2006, federal lawmakers will face pressure from states that don't want their legislation overridden by Congress. "Consumers will get a better deal with no federal bill this year," Hoofnagle said. In particular, Hoofnagle and Hillebrand point to portions of several congressional bills that would require notification only if the company determines it is likely that identity theft will happen. By contrast, California requires businesses or agencies to notify anyone whose name and Social Security number, or credit card number, was acquired by an unauthorized person. Though banks and data brokers have long opposed federal privacy legislation in favor of self-regulation, both industries are now asking Congress to step in to create a single national standard and cap the limits on their liability in case of a breach. Congress' progress toward a final bill has been stalled by the sheer number of proposed bills and the number of committees that claim jurisdiction over consumer rights, financial institutions and data brokers. Just last week, a House consumer-protection subcommittee approved, by a party-line vote, a bill [3] by Florida Republican Cliff Stearns, while a House financial-services subcommittee will hear testimony on a separate bill [4] Wednesday. It is unlikely that Congress will be able to decide on a single bill before it recesses in December, though the issue is expected to remain a priority when Congress reconvenes. Also at issue in the debate are state laws that allow consumers to pre-emptively "freeze" their credit reports so identity thieves cannot open new accounts without knowing a security code. For instance, New Jersey's new law, which goes into effect Jan. 1, allows residents to freeze their credit for free and then pay a $5 dollar fee to each credit bureau to open the report when they apply for a line of credit. Notification laws help, but credit freezes protect you from thefts you don't even know about, according to Abigail Caplovitz, legislative advocate for New Jersey Public Interest Research Group [5]. "We now live in the identity-theft world," Caplovitz said. "We need credit bureaus to change how they do business." [1] http://www.consumersunion.org/ [2] http://www.epic.org/west/ [3] http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=109_cong_bills&docid=h4127ih.txt [4] http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=109_cong_bills&docid=h3997ih.txt [5] http://www.njpirg.org/ _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Fri Nov 11 2005 - 01:21:43 PST