Another day, another massive data leak. Another 100,000 or so Americans exposed to identity theft. And still, we don't seem ready to talk about the real problem: Consumers are being forced to live in the personal data flood plain, often against their will. And the river keeps rising. 

advertisement

High-tech financial firms are selling, sharing, and hemorrhaging personal data like a leaky dam. Yelling at the dam won't do much good, and neither will spackling over the holes. A more fundamental change is needed.

Theft of personal data is prevalent for one simple reason: the data is incredibly valuable. It's time Congress and U.S. financial institutions take an honest look at why that is, at the only reason anyone wants to steal all that personal data in the first place: the free-flowing, overflowing issuance of instant credit.

Today, consumers can walk into virtually any electronics store with an empty wallet and walk out with a $3,000 television set in a few moments. Often, all that's required is a Social Security number that happens to be attached to a decent credit rating. As long as these stolen nine digits are worth $3,000 or more, criminals will always find a way to take them. 

Only meaningful reform of the way our nation distributes instant credit will change this equation. Hackers will always steal what's valuable; only by de-valuing personal information like Social Security numbers will the rash of high-tech data thefts stop.

The credit and retail industries fear any interruption in the free-flow of credit, saying it will cut down on consumer impulse buys. So we sacrifice the privacy of millions to protect the ability to spend much of our future earnings in an instant. It's time to openly debate the wisdom of that trade-off.

Two million exposed in recent weeks
The numbers exposed by the recent spate of database thefts are staggering. More than 100,000 people apiece were exposed by data thefts at ChoicePoint, The University of California at Berkeley, and at Boston College. Other massive data thefts at Chico State in California, LexisNexis, George Mason University, and the Las Vegas Department of Motor Vehicles each exposed tens of thousands of consumers. Bank of America lost computer backup tapes containing personal information on 1.2 million consumers.

Added together, these incidents have exposed more than 2 million U.S. consumers to possible identity theft. And that's just in the past six weeks. 

The obvious question must be asked -- at some point, will everyone's identity be stolen?

That's not as far fetched as it sounds. The Federal Trade Commission estimates that 27 million Americans were victims of some kind of ID theft in the past five years. Other studies suggest 1 in 20 U.S. citizens had been hit by this kind of electronic fraud. Last year, an industry group suggested that about 100 million credit card numbers had been stolen in one way or another.

Companies like ChoicePoint have taken a public beating in recent weeks, with government officials critical of the firm's data gathering and storage practices. And the floggings will continue: Sen. Arlen Specter will host a hearing of the Senate Judiciary Committee next week, offering another chance to take pot shots at data firms.

Beating up ChoicePoint doesn't solve the problem
While it's clear ChoicePoint didn't do enough to secure the private information it stores, beating up the firm will do little really to stop the problem of identity theft. Criminals will just find another source of the data. Congress will continue to hold hearings, and debate measures such as limitations on the sale of Social Security numbers. That's a step worth exploring, but it will only stop legal sale of SSNs. Illegal data sales, and thefts, will continue unabated -- as long as the data remains so valuable.

advertisement

While federal legislators have yet to take on easy access to instant credit, many state legislators are doing just that. About 20 states are considering laws that would allow consumers to lock down their credit reports, preventing anyone from obtaining instant credit by using their personal information. It's called a security freeze.

Such laws would not prevent data theft; but they would make stolen data worthless to the thieves. For those who have already been victims of identity theft, placing a security freeze on credit files offers an instant source of comfort. Those at high risk for ID theft, such as those going through divorce or those facing domestic violence, may also find the measure comforting.

The credit industry is correct that many consumers may choose not to take the extreme step of a credit file lock. Many consumers choose today to not lock their car doors. But the auto industry has repeatedly responded to the problem of auto theft, adding electronic devices, car stereo face plates, and electronic ignition keys. There are a host of things consumers can do to decrease the odds that their car will be stolen. Not so with their identity.

Consumers needs a choice
America's credit industry must offer consumers similar choices. Today, there is nothing a consumer can do to prevent an episode of identity theft. Personal data lands on the computers of firms such as ChoicePoint without the consent of the consumer. It may then be stolen without their knowledge. The best a consumer can do is find out after an identity theft is already under way. 

If the last six weeks' worth of database heists have attracted any meaningful attention to the problem, federal legislators and financial institutions must recognize that the dam of personal information is broken. The time for quick fixes is over. Building more sandbag walls won't help. It's not a question of if, but when, your personal information will flow over the banks during the next data leak. 

Consumers must be given the opportunity to lock the doors on their digital lives. They must have the option to move their personal information out of the identity theft flood plain, up to high ground. 

(Originating URL = http://www.msnbc.msn.com/id/7358558/page/2/ )