The House Committee on Energy and Commerce approves the final shape of a bill designed to ensure that data brokers protect consumers' personal information.
The House Committee on Energy and Commerce has approved an identity theft bill that would set a national standard for data brokers efforts to protect personal information.
The Data Accountability and Trust Act
was nearly one year in the making, following a series of high-profile data security breaches last year.
According to the act, data brokers would be required to institute a security policy for collecting, using, selling and securing the information they hold, and they would be required to monitor their security systems regularly.
If a breach occurs, the Federal Trade Commission or an independent auditor would review the brokers security plan following a breach, and subsequently the FTC would be permitted to require audits for five years.
If there is a reasonable risk of ID theft, fraud or unlawful conduct as a result of a breach, the company would have to notify U.S. consumers whose data was acquired by an unauthorized person as a result of the breach. The company would also have to notify the FTC and post a notice on its Web site.
ID theft tops the list of fraud complaints. Click here to read more.
"Nobody needs to be left in the dark when their data has been compromised," said Rep. Joe Barton, R-Texas, chairman of the committee.
Consumers would be allowed annual access to their data, and they would have the right to have inaccurate information corrected or marked disputed. The bill also would make it illegal for brokers to obtain data on someone by impersonating that person, a practice known as "pretexting."
The legislation "sends a clear message to the collectors of this information: If you cant protect it, dont collect it," said Rep. John Dingel, D-Mich., adding that additional work needs to be done before Congress votes on the bill.
How can SMBs walk the line between cost-effective solutions and reliable security protection? Join Ziff Davis Media eSeminars, HP and PC Connection on March 29 at 4 p.m. ET, and learn how to develop an effective and affordable security and business protection strategy.
Several members of the committee sought greater protections for consumers. Rep. Ed Markey, D-Mass., introduced several amendments that were not approved, including a provision to protect data that is sent overseas for handling.
"What happens when this data is sent offshore for storage in a database or for processing?" Markey asked, adding that the bulk of data shipped overseas goes to countries with weak privacy protections, including Bangladesh, Brazil, China, Pakistan and Thailand.
Markey also sought to include a prohibition on buying and selling social security numbers. Barton said it would not be germane to the ID theft bill, but said he is willing to work on separate legislation to protect social security numbers.
The bills author, Rep. Cliff Stearns, R-Fla., said it is endorsed by Microsoft, Entrust and the Business Software Alliance.
Check out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.