Privacy experts hope Sen. Dianne Feinstein's bill will close large loopholes in existing legislation, following a recent LexisNexis data breach affecting more than 310,000 U.S. citizens.
The day before data broker LexisNexis increased by nearly tenfold the number of identities feared stolen in last months data breach, Sen. Dianne Feinstein (D-Calif.) on Monday filed beefed-up identity legislation that privacy experts hope will close large loopholes in existing and previously filed legislation.
Feinsteins current bill, which the Senate Judiciary Committee will examine Wednesday, is an overhaul of the ID Theft Notification Bill that Feinstein proposed in June 2003. She hammered out the current version with the help of the Consumers Union, the Privacy Rights Clearinghouse and EPIC (the Electronic Privacy Information Center).
It was drafted to close a loophole in the senators previous legislation and in Californias Security Breach Information Act (SB 1386), through which companies can avoid notifying customers of data breaches if the breached data is encrypted or if no PINs are collected with Social Security numbers.
"After additional discussions with privacy rights advocates, it became clear that much more needed to be done to protect Americans," Feinstein said in a news release.
"Every day, we learn that we are more and more at risk from identity theftentire databases have been lost, stolen or hacked into," Feinstein said.
"First we heard about ChoicePointa case that resulted in the theft of the personal information of 145,000 Americansbut this was just the beginning. Now we have watched as wave after wave of data system theft has come to light, exposing millions of Americans to identity theft."
Chris Hoofnagle, director of the West Coast office of EPIC, said Feinsteins revamped legislation would accomplish two things: encourage companies to stop collecting drivers license numbers and/or Social Security numbers, and encourage the use of encryption and other security safeguards.
"The legislation from Dianne Feinstein is a fine improvement upon earlier drafts," said Hoofnagle, in San Francisco. "Really, its about notice, but it improves information-collection practices and security."
At this point, EPIC hasnt even figured out all of the loopholes in Californias SB 1386, Hoofnagle said. "Were still finding them," he said.
Next Page: Still needed: Harnessing of data brokers.
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.