Schumer said comprehensive legislation is needed in an area that is largely unregulated at the federal level and governed by a patchwork of sometimes-conflicting state laws.
California, for example, requires companies to report breaches of their systems that result in exposure of personal data, a law that prompted disclosure of the theft at ChoicePoint.
Sen. Charles E. Schumer (D-N.Y.) yesterday showed examples of personal information obtained from Westlaw, an online database.
(Melina Mara -- The Washington Post)
Sen. Dianne Feinstein (D-Calif.) has proposed a similar federal law, which has been opposed by many technology and database companies.
In a news conference, at which were shown reproductions of Web pages displaying personal data of famous people, Schumer detailed how his staff was able to quickly retrieve Social Security numbers and addresses of former attorney general John D. Ashcroft, former homeland security secretary Tom Ridge, executives of Westlaw and others.
They tried President Bush, Schumer said, but his address came up as 1400 Pennsylvania Ave., instead of the White House's address of 1600 Pennsylvania Ave.
"Westlaw's service could be entitled 'Identity Theft for Dummies,'" Schumer said. "To my mind, what bank robbery was to the Depression era, identity theft is to the information age. Everyone's susceptible."
In a written statement, Thomson West, the firm that operates Westlaw, said it shares Schumer's concerns about privacy and identity theft. But the company denied the senator's claims that it has been unresponsive to his inquiries.
Researchers at The Washington Post, a Westlaw subscriber, sought to replicate Schumer's exercise and found that only the first five digits of an individual's Social Security number were displayed.
But a Schumer spokesman said that a researcher at a major corporation not involved in credit checks or other investigations was able to get the complete numbers.
A spokesman for LexisNexis, a Westlaw competitor, said law-enforcement agencies, insurance and financial institutions can also get full Social Security data through LexisNexis's service. But even if a potential customer is in the right industry, he said, they are screened to ensure they are legitimate.
Privacy experts say that in addition to raising questions about how well personal information is protected, the disclosures indicate an extreme overuse of Social Security numbers for identification.
"It has become the default identifier" for many commercial businesses, banks and Web sites, said Ari Schwartz, associate director of the Center for Democracy and Technology, a Washington group that studies digital rights and privacy issues.
When personal information is compromised, a Social Security number can be used as a tool for identity theft.
Many privacy advocates have urged businesses to create unique identification numbers for customers to use.
"The reliance on the Social Security number has created a false sense of security for businesses and a source of vulnerability for consumers," Schwartz said.