Download our in-depth report: The Ultimate Guide to IT Security VendorsWASHINGTON -- Unless Congress takes quick action against identity theft, Americans will soon find all their personally identifiable information up for sale or in the hands of ID thieves.
That's the sentiment of U.S. Sen. Bill Nelson (D-Fla.). He and Charles Schumer (D-N.Y.) want data brokers, such as ChoicePoint and LexisNexis, to be regulated in the same manner as credit bureaus.
''We must mandate that companies must reasonably protect this information collected on virtually every American,'' Nelson said. ''As a result of what we've seen so far, if we don't do something, none of us are going to have any identity left.''
Their goal in co-sponsoring new legislation is to require notification to consumers when their data is compromised and crack down on the sale of Social Security numbers.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Nelson's comments came Tuesday as the Senate Commerce Committee began the first of a series of hearings on private data companies that currently have little oversight and few rules that protect public privacy. Hearings are already underway in other Senate and House committees.
''This is a very serious thing with several bills already introduced in Congress. It's going to be a very difficult thing to handle,'' Chairman Ted Stevens (R-Alas.) predicted.
As they have in three previous appearances before Congressional panels this year, executives from ChoicePoint and LexisNexis headlined Tuesday's hearing. And, as before, they again apologized for their companies' well-publicized data breaches while touting their strengthened security measures.
''Even if they [ChoicePoint and LexisNexis] improve their business practices, there are still hundreds of smaller data brokers who have no incentive to change their ways since there is no law governing their behavior,'' Stevens said.
Tuned into the current Capitol Hill clamor for federal action, both companies said they support a data breach disclosure law as long as it pre-empts any existing state laws. If forced to accept regulations, the companies prefer to deal with one federal standard as opposed to a patchwork of state laws.