Saturday, March 01, 2008

110th Congress has significant bills to protect consumer identity security

The March issue of the Erickson Tribune discusses recent attempts in Congress to protect consumer identification security. I give all the detailed links here.

The most important bill in the 110th Congress is in the Senate: Personal Data Privacy and Security Act of 2007, introduced by Patrick Leahy (D-VT), S. 495. This bill would criminalize many activities that deliberately or negligently jeopardize consumer security, and would require that data brokers make data on individual consumers available when requested. In the past, this has been an issue because data brokers don’t provide credit reports or “FICO scores” as such, but employers and landlords use them, and misinformation is possible. Data is sometimes collected on the wrong individual, and sometimes these companies present data on all like-named individuals in one report, a practice that could harm the reputation of a job applicant from a psychological perspective.

The bill does not appear at first to "burden" small businesses, although entrepreneurs who process their own credit card purchases and have high volumes of customers (often with the help of third party shared or dedicated web hosting) could be impacted, and systems development on the part of large ISPs like Verio could be needed to help them.

The House has a simpler bill, H.R. 958, the Data Accountability and Trust Act. It would also address non-digital records.

The House also has a better known and somewhat controversial bill, H.R. 3046, the Social Security Number Privacy and Identity Theft Protection Act of 2007, introduced by Michael McNulty (D-NY). This would prevent the “sale” of social security numbers, and data brokerage companies (and perhaps credit reporting companies) have argued and lobbied that this law would interfere with legitimate functions in their business.

Still, I think Congress could do more to require due diligence from major lenders in properly identifying customers, using the NCOA database owned by the USPS, although considerable systems development and implementation (much of it mainframe, probably done by coordinated major vendors like EDS, Perot Systems, IBM, Computer Sciences, Unisys, Northrop Grumman, etc.) would have to take place first.
