Senate Hearings and New Legislation on ID Theft

A recent U.S. Senate Judiciary Committee hearing brought more attention to concerns about identity theft and the use of personal information, as well as new revelations of a major security breach involving sensitive information from LexisNexis. Another comprehensive ID-theft bill was introduced, and hearings by the Senate Commerce Committee are expected in mid-May.

At the April 13 Senate hearing, the president and CEO of LexisNexis said that information on 310,000 people may have been stolen from their databases over the last two years, more than 10 times the number they disclosed last month. The disclosure came after Sen. Dianne Feinstein (D-CA) asked if there had been any security breaches prior to a 2003 California law took effect that requires companies to notify residents of that state if certain information about them may have been lost or stolen.

The Senators also heard testimony from the FBI, Secret Service, state attorneys general, as well as ChoicePoint and Acxiom. The lawmakers all agreed that federal legislation was necessary to address the issue. Some highlights include:

• Sen. Arlen Specter (R-PA), the panel's Chairman, promised, "very firm legislation." "It is my conclusion that we do need federal legislation, that there needs to be uniformity as we approach an enormous problem of this sort." Specter said he is asking the Federal Trade Commission (FTC) to review legislation he has drafted, but not revealed yet.

• Sen. Patrick Leahy (D-VT), the ranking Democrat on the Committee, said, "Congress has a role in protecting Americans' privacy, but we must do it right."

• Sen. Feinstein continued to push for her federal notification law, which she recently reintroduced, saying, "We urgently need a strong national standard that says whenever a data system is breached, everyone who is at risk of identity theft must be notified."

At least five congressional committees will be involved in considering some type of legislation governing personal information. Key lawmakers are now trying to decide how broad they want the legislation to be, whether simply focused on identity theft and the use of Social Security numbers or covering more types of data and lists.

New Schumer-Nelson Bill

To coincide with the Judiciary Committee hearing, Senators Chuck Schumer (D-NY) and Bill Nelson (D-FL) introduced a bill (S. 768) that they called “the first and most comprehensive effort to really prevent ID theft, not just punish those who commit ID theft.”  The legislation would increase the oversight of data brokers, have them register with the FTC, require new security measures, and create a new FTC office to help victims of identity theft. 
 
The Schumer-Nelson bill focuses on what it calls “sensitive personal information,” which it defines to include Social Security numbers, medical and financial information, and state driver’s license numbers and whatever else the FTC deems “appropriate.”  Companies covered by the bill are those that collect or sell this information.  In other words, non-sensitive information would not be covered.    
 
Sen. Schumer is a member of the Judiciary Committee, as well as the Finance Committee, which would address issues related to Social Security numbers.  Sen. Nelson is a member of the Commerce Committee, which is expected to begin holding hearings in the middle of May.