Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database
    • IT Management

    Senator Floats Heftier Bill on Data Theft

    By
    Lisa Vaas
    -
    April 12, 2005
    Share
    Facebook
    Twitter
    Linkedin

      The day before data broker LexisNexis increased by nearly tenfold the number of identities feared stolen in last months data breach, Sen. Dianne Feinstein (D-Calif.) on Monday filed beefed-up identity legislation that privacy experts hope will close large loopholes in existing and previously filed legislation.

      Feinsteins current bill, which the Senate Judiciary Committee will examine Wednesday, is an overhaul of the ID Theft Notification Bill that Feinstein proposed in June 2003. She hammered out the current version with the help of the Consumers Union, the Privacy Rights Clearinghouse and EPIC (the Electronic Privacy Information Center).

      It was drafted to close a loophole in the senators previous legislation and in Californias Security Breach Information Act (SB 1386), through which companies can avoid notifying customers of data breaches if the breached data is encrypted or if no PINs are collected with Social Security numbers.

      “After additional discussions with privacy rights advocates, it became clear that much more needed to be done to protect Americans,” Feinstein said in a news release.

      “Every day, we learn that we are more and more at risk from identity theft—entire databases have been lost, stolen or hacked into,” Feinstein said.

      “First we heard about ChoicePoint—a case that resulted in the theft of the personal information of 145,000 Americans—but this was just the beginning. Now we have watched as wave after wave of data system theft has come to light, exposing millions of Americans to identity theft.”

      Chris Hoofnagle, director of the West Coast office of EPIC, said Feinsteins revamped legislation would accomplish two things: encourage companies to stop collecting drivers license numbers and/or Social Security numbers, and encourage the use of encryption and other security safeguards.

      “The legislation from Dianne Feinstein is a fine improvement upon earlier drafts,” said Hoofnagle, in San Francisco. “Really, its about notice, but it improves information-collection practices and security.”

      At this point, EPIC hasnt even figured out all of the loopholes in Californias SB 1386, Hoofnagle said. “Were still finding them,” he said.

      Next Page: Still needed: Harnessing of data brokers.

      Harnessing Data Brokers


      Gail Hillebrand, senior attorney for the Consumers Union, said the new legislation is also notable in that it covers all industries and all forms of data, both analog and digital. “Its got one rule for all breaches, so theres no special exemption for the banking industry or any other industry,” she said.

      “Its got no special exemption for a company to decide, Its not important, we dont have to tell anybody about it, which is one idea that the industry has been floating around Capitol Hill,” Hillebrand said. “[Plus,] it covers security breaches of data held in paper form as well as computerized form. After all, a file cabinet with employee personnel files is as rich a source as a database. It covers both.”

      According to the senators news release, the new bill would require businesses or government agencies to notify individuals in writing or e-mail when personal information—such as a Social Security number, drivers license or state identification number, or credit card or bank account information—has been compromised.

      The only exceptions allowable under the new bill would be upon written request by law enforcement for purposes of a criminal investigation or for national security, according to the release.

      /zimages/1/28571.gifThe federal government wants private-sector security data. Click here to read more.

      At this point, Californias statute is the only existing state law to require that businesses inform consumers if their data has been compromised. Feinsteins bill would be the first to take that to a nationwide level.

      But privacy experts say notification is only part of the problem. The other side of the coin involves unregulated data brokers. “Theyre running around outside of the law,” said Edmund Mierzwinski, consumer program director at USPIRG (U.S. Public Interest Research Group).

      “The FTC [Federal Trade Commission] was caught asleep at the switch by allowing them to create a business model outside the law in the 1990s. Now, the FTCs kicking it home to roost, where we have unregulated data brokers in the center of the storm.”

      That storm grew in severity on Tuesday, as data broker LexisNexis revealed that personal information on 310,000 U.S. citizens may have been stolen, or nearly 10 times the number of citizens whose information was believed stolen when the company announced a data breach last month. According to Reuters, the companys parent, Reed Elsevier, determined that its database had been breached 59 times with stolen passwords, leading to possible theft of addresses and Social Security numbers.

      As reported by Reuters, LexisNexis plans to notify an additional 278,000 individuals who might be victims of identity theft. Of the 32,000 already notified in last months effort, only 2 percent asked the company to conduct an investigation into their credit records. In those records investigated, no identity theft was evident, LexisNexis officials told Reuters.

      The problem is that data brokers such as LexisNexis can sell to anyone, said EPICs Hoofnagle. “Weve been saying this a long time: The data brokers, their business model is one where they make more money by selling more and more details of personal information to more and more people. Theres really no upper limit to data collection.”

      As it now stands, Mierzwinski said, data brokers such as LexisNexis sell products that are virtually identical to credit reports and which are often used for the same purposes as credit reports, yet which are exempt from many credit laws.

      To address this, USPIRG is supporting legislation proposed by Sen. Bill Nelson (D-Fla.) and Rep. Edward Markey (D-Mass.) to regulate data brokers.

      /zimages/1/28571.gifCheck out eWEEK.coms for the latest database news, reviews and analysis.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×