Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, August 18, 2005

Bills could make businesses do more to prevent ID theft

Businesses better take steps to protect the personal data of consumers and employees or face the wrath of Congress, an identity theft prevention expert warns.  John Gardner, an independent associate with Pre-Paid Legal Services in Darlington, S.C., in a Birmingham seminar last week, outlined several proposed bills that could make businesses liable for negligence that leads to identity theft.  At least a half-dozen bills are under consideration in Congress to help fight identity theft.

The Wall Street Journal reported recently that security breaches exposing customer data have triggere
d lawsuits across the country.  The Federal Trade Commission says 9 million Americans had their identities stolen last year, costing businesses and consumers $50 billion a year in fraudulent spending.

Last month, U.S. Rep. Artur Davis, D-Birmingham, co-sponsored the Consumer Data Security and Notification Act of 2005, along with Democratic Reps.  The bill provides stronger consumer protections and enforcement against credit-card fraud and identity theft by expanding federal protections against improper collection and sale of sensitive consumer information.  It also provides consumers with advance warning when their personal information is at risk.  Davis was joined at a recent press conference at Birmingham Police headquarters by several attorneys general who outlined the challenges they face fighting ID theft.  Among Davis’ supporters was Birmingham Police Chief Annetta Nunn, who said someone recently stole a credit card mailed to her home and ran up thousands of dollars in charges.  “Congress needs to strengthen federal standards to provide more rigorous safeguards against the rising problem of identity theft,” Davis said.

Also in July, a Senate Commerce Committee unanimously approved a bill that would clamp down on how corporations handle consumers’ personal information.  The Identity Theft Protection Act would require nonfinancial companies, such as data brokers, that handle sensitive personal information to ensure its security and confidentiality with safeguards specified by the Federal Trade Commission.  If the security is breached and the company determines it creates a “reasonable risk” of identity theft, the company would have to notify affected consumers or face fines of up to $11,000 per consumer.  Ted Stevens, R-Alaska, who chairs the commerce committee, said the full Senate will not vote on the Identity Theft Protection Act until he completes negotiations on a jurisdictional dispute with Senate Banking Committee Chairman Richard Shelby, R-Tuscaloosa.

The Alabama Republican has asserted jurisdiction over sections of the Senate Commerce bill that deal with the Fair Credit Reporting Act.  The American Banker recently reported that Shelby is drafting a bill that sources speculate may bar financial services companies from using service providers that do not follow strict data security standards.  Gardner said recent high-profile data security breaches have exposed the vulnerability at many U.S. companies.  “Identity theft is a major problem and businesses must adjust to prevent it,” he said.

Posted on 08/18