Specter-Leahy Bill Targets DB Blunders

Of the ten identity theft bills that have come before Congress in the current session, a few may actually stand a chance of becoming law. Among the more likely prospects is a bill introduced by a bipartisan pair of legislators: Senators Arlen Specter (R-Pennsylvania) and Patrick Leahy (D-Vermont).

The Specter-Leahy bill was introduced after an extraordinary series of database breaches and data disappearances that sparked hearings in both chambers of Congress and outrage on both sides of the aisle. Choicepoint, LexisNexis, Bank of America, and a host of other businesses and institutions — including numerous colleges and universities — have tested the patience of lawmakers and consumers alike with a wave of data breach revelations that brought the number of affected individuals into the millions.

Unfortunately, while there are measures consumers can take to reduce their risk of identity theft, there is little that individuals can do to protect themselves against the possibility of a large-scale database compromise. In order to strengthen consumer protections against such incidents and the havoc they can wreak, the Specter-Leahy bill proposes:

• To require businesses and institutions that possess consumer's personal information to establish internal policies to protect it, as well as vetting any third parties hired to process it;
• To give individual consumers the right to review and correct personal information held by data brokers;
• To require that organizations that possess consumers' personal data notify them when breaches take place;
• To specifically limit the purchase, sale, or display of Social Security numbers without the consumers' consent;
• To prohibit companies from requiring customers to use Social Security numbers as account numbers, or requiring Social Security numbers before providing goods and services;
• To establish privacy and security rules governing the use by federal agencies of personal information provided by data brokers; and
• To increase penalties for identity theft.

Other noteworthy identity theft-related bills now before the Congress include the Identify Theft Protection Act, introduced by Senator Gordon Smith (R-Oregon) and co-sponsored by Senators Ted Stevens (R-Alaska), the chairman of the Commerce Committee, and Daniel Inouye (D-Hawaii), the committee's ranking member. Senators Dianne Feinstein (D-California) and Charles Schumer (D-New York) also have introduced bills related to identity theft and database compromise notification in the current session.