Legislation needed on ID theft

Since the giant data broker ChoicePoint announced last February that crooks had put information on 145,000 consumers at risk, the Privacy Rights Clearinghouse counted about 114 other major data breaches, affecting about 52 million Americans.
Written by ZDNet UK, Contributor

To be a victim of identity theft is worse than having some nasty goo on your shoe. It's tenacious and follows you everywhere and our government is moving at a snail's pace to protect us from thieves stealing our data. Tom Zeller reports in the New York Times on the case of Raymond Lorenzo, whose stolen identity saddled him with tens of thousands of dollars in fraudulent credit card debt, traffic violations and a long criminal record. Though the imposter was eventually caught (he turned out to be the boyfriend of Lorenzo's ex-wife), Raymond Lorenzo has spent many years trying in vain to purge the errors from official documents.

"Identity theft is devastating for victims," said Mari J. Frank, an attorney in California and identity theft specialist who has been helping Lorenzo with his case. "Unfortunately, the companies and governmental agencies that facilitate this crime with sloppy information and handling practices have the money and clout to influence Congress to pass laws that protect themselves instead of our citizens."

Since the ChoicePoint fiasco there have been 114 other major data breaches, and the pressure to pass legislation to curb ID theft has been mounting. Although Congress has introduced a dozen or so bills, nothing has stuck. Some states have been more successful, enacting "laws that allow consumers some ability to freeze their credit, which prevents a consumer reporting agency from releasing information without a consumer's direct authorization."

"They say once the horse is out of the barn, why bother closing the door?" said the executive vice president of StrikeForce Technologies, a company based in Edison, N.J., that develops identity verification technologies for governments, businesses and financial institutions., referring to the millions of bits of consumer data already leaked into the black market. "But even if someone has your Social Security number, if you can prevent them from using it, that's the solution we should be driving towards."

The problem with getting a concensus on what laws should be enacted is that consumer and privacy groups want broad federal notification standards, the ability to freeze credit and new rights for consumers to see and correct information collected on them, while data handlers want to simply notify consumers when a breach occurs thereby circumventing convoluted state laws.

Bottom line: Whatever law Congress winds up passing should not trump the stronger laws that states like California and New York have or will pass. 


Editorial standards