Identity theft legislation to get tougher on data brokers
BIRMINGHAM – U.S. Representative Artur Davis and law enforcement officials from across the state of Alabama held a press conference Monday at the Birmingham Police Department Headquarters announcing legislation introduced in the House of Representatives to strengthen data security with companies that control sensitive consumer information.
Davis said tougher enforcement of laws, as were called for by the Consumer Data Security and Notification Act of 2005, were long overdue.
“Congress needs to strengthen federal standards to provide more rigorous safeguards against the rising problem of identity theft,” Davis said. “This bill represents a common sense approach that rewards the legitimate expectations of consumers and the financial service industry.”
Corey Ealons, a representative of Davis’ office, said at their Monday meeting they focused on the major areas identity theft poses the biggest problems.
“We focused on three things really,” Ealons said. “Number One, we looked at the issue of identity theft as far as how individuals can protect themselves. Secondly, we focused on how law enforcement can do their part to make sure these people get caught. Third, we focused on the Congressional Bill in Washington to deal with data brokers.”
Ealons said there are no real incentives in place to cause data brokers to inform individuals if their information has been misplaced, stolen, or given to the wrong people. Ealons said in many other professions people must take responsibility for these actions and felt that rule should apply to everyone that handles personal information.
“If information is lost from a doctor or lawyer they have a sworn duty to inform those people,” Ealons said. “Data brokers should have the same position.”
The bill would expand federal protections against improper collection and sale of sensitive consumer information. It also provides consumers with advance warning when personal information is at risk. The basic format of the
Circuit Four District Attorney Michael Jackson, who was at the Monday meeting said he has seen a growth in identity theft crimes in his area. Jackson said many times companies would call and sound as if they are a legitimate business. However, trouble soon follows.
“Identity theft is a growing problem in the Black Belt,” Jackson said. “There are several situations where people will call and they will sound like they are form a legitimate business and ask for things such as Social Security numbers. This bill will require those entities to keep personal information more secure. It will also help slow down the sale of this information once it is processed.”
Jackson, who represents, Bibb, Dallas, Hale, Perry and Wilcox Counties said identity theft would be prosecuted to the full extent of the law in his circuit.
“We plan to crack down on this in the five counties I represent,” Jackson said. “Any theft is bad, but this type is especially bad because it can take years for a person to straighten it out.”
Jackson said in many cases identity theft is more dangerous than fraudulent use of a credit card or forgery because thieves are allowed access to things like Social Security numbers and other important information which allows them to open multiple accounts. Jackson said it may be years before he crime is even discovered because the bills go to a completely different address and sometimes do not surface on a persons credit record until they check it years down the road.
The basic outline of the bill is to focus on protecting customers. The Consumer Data Security and Notification Act of 2005 would make the following changes to federal law to enhance data security and help consumers protect their private information:
The first major change would be the regulation of data brokers. This change expands the Fair Credit Reporting Act to cover unregulated data brokers, requiring them to operate by the same information sharing standards and offer the same consumer protections as consumer reporting agencies.
New data security standards would also be added through the bill. This imposes data security obligations and standards on data brokers and consumer reporting agencies.
The bill also calls for a uniform data breach notification. This establishes requirements for data brokers, consumer reporting agencies and financial institutions to notify consumers following a breach in any data system in which sensitive consumer information has been obtained by an unauthorized party and is likely to be misused.
The final change calls for a notification by merchants. This imposes responsibilities on retailers to protect customer payment account information and notify customers or their financial institutions when account information has been obtained and is likely to be misused by unauthorized parties.