Opinion: Breaches at LexisNexis and ChoicePoint bring to light how lax security is at big database companies. So the government is taking action. But will it be enough?
Everybodys got it. Most people treasure it. And its in danger. For some its already been compromised. And everyones pretty sure their turn is coming.
Privacy. Politicians have discovered that its not guaranteed, and theyre upset. Theyre not alone. Voters are upset because the big database companies are playing fast and loose with their information: Credit ratings and tax status, property records and employment history. Breaches at two well-known data companies, LexisNexis Seisint division
and ChoicePoint, have focused attention on what many tech-savvy citizens have known for a while: Security at many of these companies is lax.
Now, when an industry goofs, it means someone must do to something. So Washington is springing into action
Wednesday, the Senate Judiciary Committee
held hearings on the issue.
Earlier in the week Sen. Dianne Feinstein (D-Calif.), using a California law as her model, introduced legislation. Sens. Charles Schumer (D-N.Y.) and Bill Nelson (R-Fla.) also have legislation pending. Over in the House Commerce Committee, Rep. Joe Barton (R-Texas) is talking about finding ways to protect Social Security numbersa de facto national identification numberfrom falling into the wrong hands. Sen. Pat Leahy (D-Vt.), the highest-ranking Democrat on the Senate Judiciary, has also hinted that hes working on legislation. And Sen. Arlen Specter (R-Pa.) made his displeasure about the current state of affairs well-known at Wednesdays hearing. This is a powerful alliance. Somethings going to happen.
Read more here about what lawmakers are doing to protect your data.
But what? Solutions to the problem arent centering on getting individuals to be more careful about information or about creating better network security, data management or encryption systems. Nor is anyone seriously talking about reducing the role that private data collection companies play in law enforcement and government investigations. All of which might turn into more permanent fixes.
Instead, two solutions are being offered.
One, Schumer and Nelsons, would put data companies under the control of the Fair Credit Reporting Act. The idea here is to let people see information on file about them and give them a chance to correct errors or mistakes just as theyre able to do with their credit ratings.
Feinsteins suggestion has been to take the notification requirements in California law and apply them nationwide. The breach suffered by ChoicePoint, the Georgia company, became public when it had to comply with the states law and tell residents their information had been passed onto thieves. Requiring national alerts would heighten awareness and create a bigger safety net for consumers, particularly if it were combined with free annual reviews.
Getting at the heart of the problem.