Technology

Senators try again on identity theft bill

Senators
Tom Carper (D-Del.)
and Bob Bennett (R-Utah) re-introduced a bill Wednesday that would
require
companies to notify consumers when their personal information has been
stolen.

The bill would replace a
system of state data breach notification laws with a national framework
clarifying what constitutes personal or sensitive information — any information
that can be used to steal from a consumer, commit identity theft, or be used for
other criminal activities. The bill also requires organizations to notify
consumers within a reasonable timeframe if their information has been
breached.

Carper and Bennett have
introduced similar legislation in previous sessions, but a senior Senate aide
said the current focus on cybersecurity makes this their best chance of getting
the bill passed. The aide also said the Obama administration recognizes the
severity of the identity theft problem and is anxious to find a solution.

The legislation would apply
to any organization that collects private or sensitive information from the
public, including businesses, schools and government institutions. The bill
requires that the organizations disclose all breaches but does not introduce
any new penalties if they fail to do so.

Instead the lawmakers rely on
existing regulations that require companies to adequately protect consumer
information or face fines, public notification, or other regulatory penalties.
Enforcement will fall to various regulatory agencies, depending on the sector
in which the breach occurs; financial institutions that lose customer
information must notify the Securities and Exchange Commission or Federal
Deposit Insurance Corporation, while other groups may report to the Federal
Trade Commission.

“We live in an Information Age where technology provides greater
ease and business opportunities for Americans, but also increases the ability
for criminals to exploit any weak link in the cyber-world,” Bennett said. “In
the event that protection is violated, putting victims of identity theft or
account fraud at risk, [the bill] provides a much needed uniform national
standard for data security and breach notification.”