Senator Dianne Feinstein (D-Calif.) hopes to stem the rising tide of identity theft and other privacy abuses with legislation setting a national standard for protection of personal information, including Social Security numbers, driver's licenses and health and financial data.

This legislation, known as The Privacy Act of 2003 (S. 745), establishes a two-tiered system of protection for all personal information. For the most sensitive personal information such as Social Security numbers, Feinstein's bill calls for an opt-in system that requires companies to obtain an individual's explicit permission prior to the sale, licensing, or renting of the information to third parties.

For non-sensitive personal information such as names and addresses, companies that wish to collect, sell, or market that data must give individuals an opportunity to withhold their personal information if they so choose.

"Americans' personal information is much too vulnerable to theft or abuse," Feinstein said. "With access to sensitive data so widely available -- often just at the touch of a keyboard -- it is easy to understand why identity theft has become one of the country's fastest growing crimes. The legislation I have introduced today would help stop identity theft and would give consumers more control over how their personal information is used."

In addition to establishing a national standard for the protection of personal information, the legislation would also prohibit the sale or display of Americans' Social Security numbers to the public, but would allow businesses to share these numbers with other businesses and government entities.

In addition, Feinstein wants to require local governments to remove Social Security numbers on government records available on the Internet or other electronic media, and the numbers would no longer be permitted to be printed on government checks or as the default driver's license number.

"Every American has a fundamental right to privacy, no matter how fast our technology grows or changes," Feinstein said. "A person should be able to have control over how his or her most sensitive personal information is used. But our right to privacy only will remain vital, if we take strong action to protect it."

The legislation would also:

  • Expand the opt-in requirements for health data to include health researchers, schools or universities, life insurers, employers, public health authorities, health oversight agencies, and law enforcement officials. Currently, only health plans, health care clearinghouses, health care providers are directly regulated under the law.
  • Permits businesses to share financial information with their affiliates or joint venture partners, unless a customer objects (opt-out).
  • Close loopholes in the Driver's Privacy Protection Act so that a state department of motor vehicles can no longer disclose the most sensitive information on a driver's license, such as the driver's identification number or physical characteristics, without the driver's opt-in.
  • Prohibits a business from denying service to a customer who refuses to provide his or her Social Security number, except in cases where the Social Security number is needed.
  • Protect the privacy of information regardless of the medium through which it is collected.
  • According to a report recently released by the Federal Trade Commission, identity-theft complaints were the most common fraud complaint reported by American consumers last year, accounting for 43 percent of all complaints to the FTC. Nationwide, identity theft complaints almost doubled last year to more than 160,000, and losses as a result of identity theft grew to $343 million.