The federal law would allow consumers to freeze their credit reports only after proof of identity theft. According to the Seattle Times, in the past 1.5 years, there have been at least 90 million individual records containing personal information put at risk in 100 known data breaches.
Moreover, the federal law would undercut state efforts because it requires institutions to notify individuals "of a data breach only if the breach is 'reasonably likely' to result in identity theft." States allow the freeze if an individual's private information has been compromised.
And how are these data being "lost"? Employees taking home laptops with sensitive data - unencrypted - and losing the laptop. Ditto info on USB (thumb) drives. Companies selling surplus computers on eBay without erasing hard drives. Major institutions -- including state and federal goverments, financial institutions and universities -- have been implicated.
An alternative bill, HR 4127, the Data Accountability and Trust Act, was reported by the Energy and Commerce Committee in May. It would "require that each time a security breach of personal security is detected the intended target or victim of the breach be notified by the responsible party."
It's not too late to contact your representative on this issue. HR 3997 overview. Bill text (pdf) as well as House Committee Reports (1 - pdf, 2-pdf)Also, see Congress must pass strongest protection of consumer data, Don't let credit bureaus sell your personal data, My identity laid bare
Comments
Great article. It seems crazy that in this day, Congress would be taking away rights rather than giving more rights. Apparently right now, this bill HR3997, is going to be stalled at least until after the mid-term elections, and possibly well into 2007.