Outrage on Capitol Hill over recent high-profile data breaches is leading to almost-certain passage of information protection legislation by this Congress.
Not coincidentally, the measure most likely to pass—a notification requirement for victims of identity theft—already has the approval of the data brokerage industry.
However, broader privacy legislation faces a tougher battle in Congress, where ChoicePoint Inc., LexisNexis and other third-party data aggregators maintain an ongoing lobbying front. Having long fought for greater protections of personal information, several lawmakers are acknowledging the political reality.
“What we have today is an industry that is still in denial,” said Rep. Ed Markey, D-Mass., after grilling ChoicePoint Chairman and CEO Derek Smith last week.
Charging that ChoicePoint and the industry “hope to be able to ride out this scandal,” Markey said that securing broader privacy laws will be difficult in light of the lobbying efforts.
A consensus has been achieved, however, that Congress should require data brokers to notify individuals at risk following a data theft.
The industry supports the initiative, in large part because several states are beginning to follow in the footsteps of California and enact such requirements themselves.
Congress has received a green light from the White House, via the FTC (Federal Trade Commission), to pursue a nationwide notification law.
FTC Chairman Deborah Platt Majoras in Washington said that a federal measure pre-empting state laws would be beneficial.
The FTC supports an extension of safeguards to hold all data brokers to the higher standards imposed on banks, said Majoras.
A federal notification requirement is not enough to appease many lawmakers. Of particular concern is the sale of Social Security numbers without an individuals consent.
“If I want to give my Social Security number to somebody, Ill give it to him,” said Rep. Joe Barton, R-Texas, chairman of the House Committee on Energy and Commerce.
“I dont see how it serves my purpose when my number and my information are routinely given without my permission.”
The industry may have an ally in the FTC in opposing any such restrictions.
According to Majoras, there are legitimate purposes for obtaining a Social Security number without the individuals knowledge, including fraud investigations and law enforcement.