Month: June 2005

Arlen Specter (R-Pa.), the chairman of the Judiciary Committee, and that committee’s ranking member, Sen. Patrick Leahy (D-Vt.) rolled out the most aggressive bill yet in reaction to the wave of security gaffes that have exposed millions of Americans’ identities since the first of the year.

Among its provisions, the Personal Data Privacy and Security Act of 2005 would create a new computer crime classification — aggravated fraud — that would add two years of additional jail time for obtaining or access another’s digital ID; severely restrict the use of Social Security numbers as account identifiers or numbers; and hold company executives responsible if they hide a data breach.

Both Leahy and Specter predicted quick passage of the bill, which is the first to sport a Republican as sponsor.

Several other bills that take on the data exposure problem have come from several prominent Democrats, including Dianne Feinstein (D-Calif.) and Charles Schumer (D-N.Y.).

— Add new penalties to the books by extending computer fraud to cover unauthorized access of data brokers’ systems (the statute already covers financial institutions and credit card issuers), meaning that criminals could face up to 10 years in jail; giving the government the power to invoke racketeering charges using the RICO statue to prosecute criminal gangs trading in identities; and putting company officials in prison for up to 5 years if they conceal a data breach.

— Enact a bevy of new regulations that cover “data brokers,” defined as business or non-profits “in the practice of collecting, transmitting, or otherwise providing personally identifiable information on a nationwide basis on more than 5,000 individuals.”

Among the regulations: data brokers would have to allow consumers the chance to change their information, and as with a credit report, receive a copy of that information at their request.

— Require businesses not already covered by the Gramm-Leach-Bliley Act or HIPPA (Health Insurance Portability and Accountability Act of 1996) to create a data privacy and security program.

That part of the Leahy-Specter bill also expands disclosure rules nationwide, and mandates that customers be informed of any security breach involving more than 10,000 people, or that revolved around a database with more than a million entries. And forces the General Services Administration (GSA) to review government contractors’ the privacy and security programs before awarding contracts.

http://www.techweb.com/wire/security/164904367

The scandal has shaken India’s booming outsourcing industry, which provides telemarketing services, call center operations, payroll accounting, and credit card processing for hundreds of Western companies.

The government’s actions follow a report last week by a British newspaper that an Indian call center employee allegedly supplied details on the Britons’ bank accounts, credit cards, passports and drivers’ licenses to an undercover reporter for the Sun newspaper.

Karan Bahree was sacked from his job at Web designer Infinity eSearch on Saturday after the tabloid said it paid Bahree 3 pounds (US$5.40; euro4.20) for each person’s details, which included phone numbers, addresses, and pass codes.

NASSCOM said it is building a central database of all outsourcing industry employees to prevent criminals from getting jobs in the sector and threatening the data security of global companies.

http://www.securitypipeline.com/164903890