Download our in-depth report: The Ultimate Guide to IT Security Vendors
WASHINGTON -- Trumped by a long series of bankruptcy reform floor votes, the Senate Banking Committee disappointed a jammed hearing room waiting to hear ChoicePoint and Bank of America executives testify about their embarrassing security gaffes.
The inquiry was postponed Thursday, mid-meeting.
With key votes coming at a rate of several an hour, the well- publicized ID theft hearing began late, was interrupted twice for votes and ultimately called off until a still undetermined date. Even when in session, the Banking Committee never had more than three senators in attendance to hear the testimony of Federal Trade Commission (FTC) Chairman Deborah Majoris and officials from the Secret Service.
Those that did show, however, took ample opportunity to blast ChoicePoint and Bank of America for their security practices and none more so than Charles Schumer (D-N.Y.), Patrick Leahy (D-Vt.) and John Corzine (D-N.J.).https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Schumer used his brief appearance to tout the "comprehensive" privacy legislation he intends to introduce next week.
"In my mind, what bank robbery was to the Depression Era, identity theft is to the Information Age," Schumer said. Saying that Congress needs to learn from the example of ChoicePoint to "replace the current patchwork of state and federal laws with a real security blanket -- one that protects privacy, keeps Social Security numbers private, and prevents fraud and identity theft."
Schumer said his legislation would create an Office of Identity Theft in the FTC to have jurisdiction over companies that lawfully acquire and keep personal consumer data. The bill will also call for companies to demonstrate a need for customers' personal information before requiring it from them.
Corzine also promised new legislation.
"Make no mistake about it, identity theft poses a very real threat to our economy and it is on the rise," Corzine said. "In fact, it's our nation's fastest growing crime. And last year, identity theft complaints to the Federal Trade Commission grew by 50 percent since 2002. With so many instances of fraudsters seeking to abuse an individual's good name, it is clear that more must be done to prevent the proliferation of identity theft."
The Corzine bill would require companies, including financial institutions and other commercial entities such third-party data collectors like ChoicePoint to establish security systems that safeguard the sensitive personal information they maintain for, or on behalf of, their customers.
As part of that requirement, the company's chief compliance officer, or its CEO, would be required to personally attest that the safeguards are in place and that the firm has an ongoing system of monitoring its compliance with federal guidelines.
Additionally, the bill also addresses victim notification and recovery efforts by requiring firms to promptly notify affected customers, credit reporting agency and law enforcement when a breach, or loss, of sensitive customer information has occurred.
The Alpharetta, Ga.-based ChoicePoint, one of the country's largest data warehouses, compiles data, including Social Security numbers and credit reports, on virtually every American. In February, the company admitted it had been a victim of a criminal fraud, duped into turning over consumer personal information.
Days later, Bank of America confirmed that computer data tapes containing U.S. federal government charge card program customer and account information were lost during shipment to a backup data center. The missing tapes included personal information on 1.2 million federal employees.
"We know understand that this type of transport was routine, not only for Bank of America, but for the entire industry," Leahy said.
"ChoicePoint's bread-and-butter business includes identity verification and screening to help corporate America 'know its customers.' Yet the company failed to know its own customers and sold personal information on at least 145,000 Americans to criminals posing as legitimate companies."
ChoicePoint officials did not get an opportunity to testify at the hearing.