Data companies promote weaker federal law Posted by mitcka at 12/28/05 11:54 AM

State legislatures--with the help of Consumers Union e-activists who sent thousands of letters during the last round of state legislative sessions--have passed significant reforms that will give you notice if a private company holding your data suffers a security breach. Twelve states have given consumers the right to control the release of credit report information so that thieves cannot open accounts in their name. So now the industry goes to Congress.

"Bills introduced in Congress after lapses at information broker ChoicePoint Inc., LexisNexis and elsewhere would supersede a growing number of state laws, many of which impose stricter standards on data brokers, banks and credit reporting agencies. Rigorous disclosure requirements in California's law — the first in the nation, in effect since 2003 — brought many of the breaches to light.

Following California's lead, the number of states requiring companies to disclose the loss of sensitive personal information — credit card and Social Security numbers, for example — has grown to 22. Twelve states, triple the number a year ago, allow some consumers to prevent credit applications from being made in their name or let consumers block access to their credit records."

These strong new laws could be up ended if Congress pre-empts them with a weaker federal alternative. In order to promote their Congressional proposals, the data industry has paid for studies that discount the role of data security as a factor in identity theft.

"To press their case, companies and industry groups have testified and written to members of Congress and have underwritten studies that play down the threat of online identity theft.

In August, Indiana University law professor Fred H. Cate began circulating a paper arguing that some types of identity fraud were declining. Cate, a frequent congressional witness and widely quoted authority on data security, declared: "Information security breaches are among the least common ways that personal information falls into the wrong hands. In 2005, the most common source of personal information that resulted in an identity-based fraud, by a factor of two to one over any other category, was 'lost or stolen wallet, checkbook or credit card.' "

A footnote attributed that statistic to its original source, a January 2005 study by Pleasanton, Calif.-based Javelin Strategy & Research. Javelin and several trade groups have trumpeted the finding for months, along with Javelin's related conclusion that 72% of identify theft begins offline.

Cate failed to disclose that the relevant Javelin data came from the 54% of consumer fraud victims surveyed who said they knew how their personal information was taken. The remaining 46% had no idea.

Federal Trade Commission officials said this year that the latter group logically would include a much higher percentage of victims of major electronic security breaches, computer spyware and phishing, online come-ons that trick people into revealing their personal information."

That study was paid for by a consortium of banks and credit card companies, while a company called ID Analytics produced another also purporting to show again that data security breaches are rarely involved in identity theft. ID Analytics works for banks to identify fraudulent credit card applications.

Most of the nation's Attorneys General oppose pre-emption of stronger state laws. These new state laws should be given a chance to work before the federal government rewrites them.

comments (2)

1 Posted by ervan at 01/04/06 04:50 PM

It's a sad state of affairs when our federal government continually overrides the will of the people in deciding their own laws.

2 Posted by tony hart at 01/24/06 08:42 AM

i wrote my reps/senators suggesting both criminal and civil penalties for any breach of security, and that any company holding information be required to provide the consumer with the data they keep as well as a mechanism to fix it. your vote should consider their positions.