Senator Floats Heftier Bill on Data Theft

Privacy experts hope Sen. Dianne Feinstein's bill will close large loopholes in existing legislation, following a recent LexisNexis data breach affecting more than 310,000 U.S. citizens.

The day before data broker LexisNexis increased by nearly tenfold the number of identities feared stolen in last months data breach, Sen. Dianne Feinstein (D-Calif.) on Monday filed beefed-up identity legislation that privacy experts hope will close large loopholes in existing and previously filed legislation.

Feinsteins current bill, which the Senate Judiciary Committee will examine Wednesday, is an overhaul of the ID Theft Notification Bill that Feinstein proposed in June 2003. She hammered out the current version with the help of the Consumers Union, the Privacy Rights Clearinghouse and EPIC (the Electronic Privacy Information Center).

It was drafted to close a loophole in the senators previous legislation and in Californias Security Breach Information Act (SB 1386), through which companies can avoid notifying customers of data breaches if the breached data is encrypted or if no PINs are collected with Social Security numbers.

"After additional discussions with privacy rights advocates, it became clear that much more needed to be done to protect Americans," Feinstein said in a news release.

"Every day, we learn that we are more and more at risk from identity theft—entire databases have been lost, stolen or hacked into," Feinstein said.

"First we heard about ChoicePoint—a case that resulted in the theft of the personal information of 145,000 Americans—but this was just the beginning. Now we have watched as wave after wave of data system theft has come to light, exposing millions of Americans to identity theft."

Chris Hoofnagle, director of the West Coast office of EPIC, said Feinsteins revamped legislation would accomplish two things: encourage companies to stop collecting drivers license numbers and/or Social Security numbers, and encourage the use of encryption and other security safeguards.

"The legislation from Dianne Feinstein is a fine improvement upon earlier drafts," said Hoofnagle, in San Francisco. "Really, its about notice, but it improves information-collection practices and security."

At this point, EPIC hasnt even figured out all of the loopholes in Californias SB 1386, Hoofnagle said. "Were still finding them," he said.

Next Page: Still needed: Harnessing of data brokers.