Information brokers that collect and sell personal data on virtually every U.S. adult should be subject to the same requirements to keep data secure as banks and other financial institutions, the head of the Federal Trade Commission told Congress yesterday.
FTC Chairman Deborah Platt Majoras told the Senate Banking Committee that better security is "an immediate need" in the largely unregulated database business. Her testimony comes after a series of breaches at companies resulted in private data on more than 175,000 people falling into the hands of identity thieves.
When Your Identity Is Their Commodity (The Washington Post, Mar 6, 2005)
ChoicePoint Data Cache Became a Powder Keg (The Washington Post, Mar 5, 2005)
Databases Called Lax With Personal Information (The Washington Post, Feb 25, 2005)
ChoicePoint Victims Have Work Ahead (The Washington Post, Feb 23, 2005)
ID Data Conned From Firm (The Washington Post, Feb 17, 2005)
In Age of Security, Firm Mines Wealth Of Personal Data (The Washington Post, Jan 20, 2005)
Financial institutions are required to take a number of steps to safeguard personal information, including having written security plans, employee training and technology to detect and respond to intrusions. Some data brokers double as financial institutions and are covered by existing law. But other big players, such as ChoicePoint Inc. and LexisNexis Group, both of which suffered recent breaches, are not.
Majoras also encouraged Congress to consider a national law requiring that consumers be notified if their information has been obtained by hackers or fraud artists who penetrate the security of the data brokers.
Only California has such a law, which is credited with forcing ChoicePoint to reveal last month that thieves posing as legitimate businesses gained access to records on 145,000 consumers. In the past, the industry has opposed a national notification law.
Though she was not speaking for the full FTC, Majoras's comments are likely to increase pressure for congressional action, as concern over the breaches grows. Sen Charles E. Schumer (D-N.Y) promised at the hearing that he would introduce comprehensive identity theft legislation, as have several other members of the House and Senate.