Schakowsky Calls For Better Security Bill That Will Protect Consumers' Personal Information, Prevent Identity Theft. Says That Data Act, As It Stands, Fails To Meet That Standard ) .

Schakowsky Calls For Better Security Bill That Will Protect Consumers' Personal Information, Prevent Identity Theft. Says That Data Act, As It Stands, Fails To Meet That Standard

By Scha BLOGger
Friday, November 04, 2005

WASHINGTON, DC - U.S. Representative Jan Schakowsky, ranking member on the Subcommittee on Commerce, Trade, and Consumer Protection, today called for a better personal information security bill that would set a higher standard of accountability for businesses and protect consumers. Since February 2005, nearly 51 million notices have gone out to consumers informing them that their private personal information had been exposed or compromised because of strong state laws requiring notification. As it is currently written, H.R. 4127 would pre-empt those strong state laws, set a higher standard to trigger notification, and generally make it more difficult for consumers to protect their personal information. H.R. 4127 passed the Subcommittee on Commerce, Trade, and Consumer Protection today without a single Democratic vote.

The full text of Representative Schakowsky’s opening statement is below:

Thank you, Mr. Chairman, for holding today’s markup on H.R. 4127, the Data Accountability and Trust Act, or the DATA Act. Your bill seeks to address one of the biggest issues for consumers, one of the most troubling revelations of 2005, and the elephant in the room of many corporations and information brokers: the absolute lack of security and respect for consumers’ personal information.

While I appreciate your conducting Subcommittee proceedings under regular order with the DATA Act – holding hearings, the subcommittee markup today, and the commitment to have a full committee markup before heading to the floor – I also have to say that I am disappointed in the unilateral decision to introduce this bill before a sincere effort had been put into resolving the major issues that remain: the narrowly-focused and impossible proof standard for triggering notification, as well as the subsequent preemption of states laws.

There was a real possibility that we could have worked out an agreement for a sound and strong national consumer protection policy. However, not only were Democrats – who were willing to work on a bipartisan basis – left behind, but so were consumers. The DATA Act, as currently drafted, leaves consumers at the mercy of industries who think that personal information is just another way to make money, not something that should be guarded.

Since February 2005 and the news of the ChoicePoint scandal, nearly 51 million notices have gone out to consumers, letting them know that their personal information had somehow been compromised. There have been more than 80 breaches since mid-February: that is more than two per week.

Those notices would not have gone out had it not been for a strong California law that requires consumers to be contacted whenever there is “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information.” Illinois, the second state to enact notification laws, has the same language – as do many of the 21 states that now have breach notification laws.

Consumers need to know if and when their information has been compromised so that they can make informed decisions about how to proceed and protect themselves from becoming victims.

Identity theft is a major issue in our country. In the last five years, over 27 million people have been victims of the fastest growing financial crime. Illinois and Florida are both on the top 10 list for the number of victims in each state. Most victims do not know how the crooks snagged their identity. Could it have been because of the lack of proper treatment of their personal information by corporations? The FTC has reported that those who discover their identity has been stolen right away experience less personal damage than those who discover it after months have gone by. When consumers receive timely notice that a database is compromised, they are better equipped to avoid being victimized themselves. If a breach occurs, consumers need to know to be on alert to prevent would-be fraudsters from using their personal information on a shopping spree or vacation to the tropics.

It is not just victims of identity theft who suffer financial harm that need to know that their information is fair game. Some have their identity stolen so that a crime can be committed in their names. Those victims need that notice so they can defend themselves if accused of crimes they did not commit. And, victims of domestic violence and stalking need to know if their information was leaked so they can protect themselves from the harms that can be committed by an enraged or deranged person or abusive stalker with access to the location of their current residence.

Finally, we – members of Congress – need those notices to go out so we can track the behavior of the industry we oversee, and so we can act if carelessness continues in the treatment of personal information. Again, we would not have known that a problem of this scale existed had it not been for strong state laws.

Unfortunately for all of us – except the bad actors – the risk-standard that triggers notice and the hobbling of state laws by the DATA Act will put the blindfold back on consumers and us. No notices would have gone out under the standard put forth in this bill. We would not have known how badly corporations treat personal information, nor would have consumers have been able to take action to protect themselves – even from financial identity theft – if this bill had been in place in February 2005.

As the old saying goes, sunshine is the best disinfectant. We have heard the industry express “great concern” that consumers will get too many notices and ignore them if notification continues to go out whenever information is compromised. That concern is disingenuous. The right response to over-notification is not to restrict information and to keep consumers and Congress in the dark. If we want to stop over-notification, then corporations need to clean up their act so consumers’ personal information is not compromised in the first place. We also need to make sure that states’ rights are protected and that they can protect their citizens from being harmed. If Congress is willing to sacrifice consumers for corporations, then I want the Illinois General Assembly and the Office of the Illinois Attorney General on the beat to protect my constituents.

Again, I thank you for giving us a chance to amend this bill in the subcommittee. I believe there is a good outline to build a strong national standard for consumer protections. I look forward to filling in the details with meaningful consumer protections.

(Originating URL = http://www.janschakowsky.org/LatestNews/tabid/53/ctl/ArticleView/mid/456/articleId/192/SchakowskyCallsForBetterSecurityBillThatWillProtectConsumersPersonalInformationPreventIdentityTheftSaysThatDataActAsItStandsFailsToMeetThatStandard.aspx )