ChoicePoint Exec And Lawmakers Don't See Eye To Eye On Identity Protection - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure

ChoicePoint Exec And Lawmakers Don't See Eye To Eye On Identity Protection

Key House chairman predicts Congress will enact law restricting sale of Social Security numbers by businesses.

Prompted by an incident in which personal information was fraudulently obtained from data broker ChoicePoint Inc., Congress is likely to enact legislation to limit the sale of Social Security numbers, a key lawmaker said Tuesday. But the CEOs of ChoicePoint and information broker LexisNexis Group's U.S. Corporate and Federal Government Markets cautioned the lawmakers not to ban all sales of Social Security numbers.

"There's a very good chance we're going to put together a bill that will make it illegal to sell the Social Security number without the permission of the individual unless there is a legitimate law-enforcement purpose," Rep. Joe Barton, the Texas Republican who chairs the House Commerce and Energy Committee, said at a House hearing addressing identity theft. "There may be one or two other exceptions; I don't know what they would be. I have not heard anything that explains to me why we should allow that to go on."

At the four-hour hearing--held by the panel's Subcommittee on Commerce, Trade, and Consumer Protection--lawmakers also suggested that Congress would consider legislation to extend to businesses that sell consumer information the rules in the Gramm-Leach-Bliley Act, a 6-year-old regulation that requires financial institutions to have a security plan to protect the confidentiality and integrity of personal consumer information.

And though the chairwoman of the Federal Trade Commission and executives from ChoicePoint and LexisNexis called for a single federal act to regulate data brokers that would usurp state laws, others contended that eliminating state statutes could harm consumers.

Identity theft is a growing problem in the United States, with technology making it easier for crooks to heist Social Security, driver's license, and bank-account numbers, as well as other personal information. An FTC survey in 2003 found that in one year nearly 10 million people discovered some of their personal information was stolen, costing businesses $50 billion and individuals $5 billion. ChoicePoint last month said scam artists had tricked the Georgia company into handing over 145,000 records containing Social Security numbers and other personal information on people in every state. And last week, LexisNexis said thieves using passwords and identifications from legitimate customers broke into its databases and stole personal information on about 32,000 Americans.

Despite calls to restrict the sale of Social Security numbers, FTC chair Deborah Majoras, along with ChoicePoint CEO Derek Smith and LexisNexis unit CEO Kurt Sanford, testified that situations exist in which businesses should be given a consumer's Social Security number without notification to facilitate commerce, such as when a bank considers issuing a loan and wants to ensure that it's being granted to the right individual. "How do we associate records of information with a particular individual?" Sanford asked. "That Social Security number is that unique identifying piece of info to allow financial institutions, for example, to determine whether they're having a fraudulent transaction in their business."

Majoras and the two CEOs also said that any legislation Congress offers to regulate the transfer of personal information should usurp state laws so as not to overwhelm consumers with notification if personal information is stolen. "It is important that any such proposal contain federal preemption to ensure that companies can quickly and effectively notify consumers and not struggle with complying with multiple, potentially conflicting, and inconsistent state laws," Sanford said.

But Marc Rotenberg, president of the Electronic Privacy Information Center, a public-interest group, noted that the California law required ChoicePoint to notify consumers that their personal information was stolen. "Congress simply should not pass laws that tie the hands of state legislators and prevent the development of innovative solutions that respond to emerging privacy concerns," Rotenberg said.

The heads of the data brokerages had no objection to extending the safeguard provisions of the Gramm-Leach-Bliley Act to their businesses. But Rotenberg called for a new law to let the FTC develop fair information practices for data brokers, which also would subject violators to civil penalties. "Consumers would be able to pursue a private right of action, albeit a modest one," he said. "And states would be free to develop stronger measures if they chose."

Adding a more formal structure to the current scheme of information use could help society realize the full value of technology-based tools, ChoicePoint's Smith said. "Every advance in technology that makes our lives easier also makes it easier for our enemies to move swiftly against us," he said. "You and I can be approved for a bank account in a matter of minutes, but a person can use that same technology to get a fake or real driver's license or to create a fake business. The point being, technology and information are neither good nor bad. People determine if the power of information is used for the benefit of individuals or society or to create harm."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll