washingtonpost.com  > Technology > Special Reports > Privacy

States Scramble To Protect Data

Dozens of Privacy Bills Introduced After Spate of Security Breaches

By Jonathan Krim
Washington Post Staff Writer
Saturday, April 9, 2005; Page E01

Legislatures in more than two dozen states are considering ways to give consumers more control over personal information that is collected and sold by private firms, but many of the proposals are drawing fire from financial services companies.

Bills are on the table in 28 states responding to a series of high-profile security breaches at information brokers, banks and universities that so far this year have resulted in more than 1 million Social Security numbers, driver's license numbers, names and addresses falling into the hands of potential identity thieves.

_____Related News_____
Net Aids Access to Sensitive ID Data (The Washington Post, Apr 4, 2005)
Banking Rules Address Theft Of Customers' Private Data (The Washington Post, Mar 24, 2005)
Data Under Siege (The Washington Post, Mar 10, 2005)
In Age of Security, Firm Mines Wealth Of Personal Data (The Washington Post, Jan 20, 2005)

In the most recent case, a medical group in San Jose announced yesterday that records on roughly 185,000 current and former patients may have been exposed after two of its computers were stolen.

The state activity is being closely tracked on Capitol Hill, where several House and Senate members have introduced or are preparing identity theft legislation.

Generally, the various state bills do not target how thieves are obtaining data, through hacking, fraud or other means. But consumer groups and privacy advocates, who are championing many of the initiatives, say they would help shield consumers from the havoc and damage that identity theft can cause.

One group of bills would allow consumers to "freeze" their credit reports so that sensitive data could not be given out to anyone without permission from the individual each time the data were requested.

Identity thieves often strike by obtaining a piece of private information, such as a Social Security number, and then using it to establish credit and make purchases.

Credit-freeze bills are moving through legislatures in about 20 states. In some cases, any consumer could order a freeze at any time. In other states, only people whose data have been breached would have that option.

"For years consumers have been told to take steps to protect their data by buying personal shredders and changing their passwords," said Kerry Smith, senior consumer attorney with state Public Interest Research Groups. "But, as the ChoicePoint and other scandals demonstrate, consumers have little control over their personal information. With the security freeze in place, consumers would be able to lock identity thieves out of their credit files."

Trade groups representing banks, mortgage brokers and credit bureaus are lobbying hard to defeat the freeze idea, arguing that it would cause consumers unforeseen headaches.

CONTINUED    1 2    Next >

© 2005 The Washington Post Company