The pressure from Capitol Hill on corporate America to clean up its act with regard to safeguarding sensitive customer information continues to increase, as Sen. Jon Corzine said Thursday that he plans to introduce a new bill next week that will require corporate officers to attest that their companies have adequate measures in place to secure customers personal data.
The Identity Theft Recovery and Victim Assistance Act would also require businesses to tell customers immediately if they believe that customer data has been compromised.
In that respect, Corzines bill goes much farther than another identity theft-related measure introduced in January by Sen. Dianne Feinstein. That earlier bill is much like a California law in that it requires businesses to notify customers of breaches within a reasonable amount of time.
Corzine, D-N.J., announced his plan to introduce the bill at a hearing of the Senate Committee on Banking, Housing and Urban Affairs, on which he serves. The hearing, convened to address a rash of recent incidents in which customer data has been stolen or lost, included testimony from executives of several companies victimized by these breaches, including ChoicePoint Inc. and Bank Of America Corp.
Members of the committee and other Senators testifying before the committee were quick to criticize both ChoicePoint and Bank of America.
Sen. Patrick Leahy, who has been one of the more active members of Congress on the issue of identity theft, testified at the hearing and called Bank of America officials on the carpet over the companys recent loss of data backup tapes containing information on more than a million customers, including some senators.
The bank has said that the tapes were likely lost or stolen on a commercial flight en route to a backup facility.
“I dont know what these people are thinking. Can you imagine how disillusioned their customers must be?” Leahy said. “It was an irresponsible breach of the fiduciary responsibility they have to their customers. This is not a Democrat or Republican issue. Its an American issue.”
ChoicePoint, a data warehouser that aggregates consumer information and sells it to government agencies and other customers, said last month that it unknowingly sold sensitive data on 145,000 people to criminals who had posed as legitimate businessmen. The Federal Trade Commission estimates that identity theft costs consumers and businesses more than $50 billion each year.
Committee members tried to pin down Deborah Platt Majoras, chairman of the FTC, on whether new laws were needed to help stop identity theft and regulate the way that businesses handle consumer data. Majoras chose her words carefully, but conceded that some tighter regulations may be needed.
“We ought to look at a broader security standard,” she said. “What we have today is a patchwork.”