ChoicePoint's hack disclosure sparks a call for expanded privacy laws in Congress.
In the wake of recent high-profile thefts of sensitive personal information from what were considered protected databases, legislators are preparing to turn up the heat on private enterprises that fail to safeguard customers' data.
Lawmakers' renewed urgency is being fueled largely by the recent security blunder at data warehouse vendor ChoicePoint Inc.
The incident, which illustrates the kind of damage many privacy-law advocates have long feared, is spurring legislators to take a new look at data privacy initiatives that died in the last session of Congress.
ChoicePoint, based in Atlanta, disclosed earlier this month that scammers accessed information on more than 145,000 consumers, including Social Security numbers and credit histories.
In a separate incident, thieves stole some of Science Applications International Corp.'s computers, which contained lists of SAIC shareholders, including their addresses, phone numbers, stock holdings and Social Security numbers.
Following requests from minority leadership last week, Sen. Arlen Specter, R-Pa., chairman of the Senate Judiciary Committee, said he would hold a hearing on the ChoicePoint incident.
Two of the Senate's leading champions of privacy rights, Patrick Leahy, D-Vt., and Dianne Feinstein, D-Calif., called for an investigation.
Committee members want to examine how the incident happened and "how it can be prevented in the future," said Tracy Schmaler, a representative for Leahy.
The senator is considering proposals that were not introduced in the last Congress, and there is more momentum for legislation this session, Schmaler said.
Feinstein has reintroduced a bill that would require all federal agencies and any enterprise doing business in more than one state to disclose to customers any unauthorized acquisition of their personal information.
Feinstein's measure, known as the Notification of Risk to Personal Data Act, first introduced in 2003, is similar in spirit to a California law that requires such notifications.
The experts weigh in.