March 1, 2005 4:00 AM PST

'Perfect storm' for new privacy laws?

(continued from previous page)

company stressed that it has entered discussions with other members of its industry on how to minimize fraud, and has started re-verifying its customers' credentials to weed out potentially fraudulent applicants.

"We have already begun sharing our experiences, observations and ideas with several of the other major corporations in our industry, and we will seek to lead an industrywide initiative to develop, adopt and deploy new measures that will identify and halt identity theft and fraud," ChoicePoint said in the statement.

In addition, ChoicePoint offered support for a broader national debate that could include legislation to allow independent oversight and increased accountability of entities that handle data, increased penalties for the intentional misuse of personal information, and mandatory notification by government and business of any unauthorized access to personal data.

California as precedent?
The current atmosphere at a national level is similar to the state of affairs in California that led to the passage of the Security Breach Information Act (S.B. 1386)--the law that recently forced ChoicePoint to disclose the October breach.

The ChoicePoint debacle could not have been a fatter, slower pitch across the plate.
--Jim Harper, director of information policy, the Cato Institute

In April 2002, a hacker gained access to the state's Stephen P. Teale Data Center, stealing the payroll information of California's more than 225,000 state employees, including legislators and their staff. The State Controller's office discovered the breach in early May, but didn't notify workers until May 25, leaving their financial identities open to misuse.

Within four months, a bill authored by former state Sen. Stephen Peace and then-Assemblyman Joseph Simitian had been signed by Gov. Gray Davis. The bill took effect on July 1, 2003.

Bank of America's recent admission that the company lost backup tapes with as many as 1.2 million records could have similar scope as the Teale breach, even though there is no evidence so far that the financial data has been misused. The tapes contained information on the customers and accounts of the U.S. government's SmartPay credit card program, which has more than a 2.1 million cardholders and annual transactions totaling more than $21 billion, according to the General Services Administration.

"There is a good chance we'll see some new regulations, especially because the Bank of America incident hits closer to home--their (lawmakers') information was included on the tapes that were lost," said Jordana Beebe, communications director for the Privacy Rights Clearinghouse, a nonprofit consumer group.

If the industry does not lock down people's data, whether by legislative mandate or by responding to customer concerns, business could suffer, said Chris Voice, chief technology officer at security company Entrust.

"It is becoming a matter of survival from a business perspective that if your customers lose trust, they will go to someone who will guard their information better," Voice said.

Previous page
Page 1 | 2 | 3

5 comments

Join the conversation!
Add your comment
Hmmm....
After reading this article how many people still believe that the "Real ID Act" proposal to link state databases is a good idea?

Real ID References:
<a class="jive-link-external" href="http://news.search.com/search?q=Real+ID+act&#38;x=0&#38;y=0" target="_newWindow">http://news.search.com/search?q=Real+ID+act&#38;x=0&#38;y=0</a>
Posted by (23 comments )
Reply Link Flag
It's PayMaxx
I wonder why PayMaxx is the only organization not specifically named in this article. It's referred politically-correctedly as " online payroll services company"...
Posted by 201293546946733175101343322673 (722 comments )
Reply Link Flag
Got You Coming And Going
In 1997 ChoicePoint was spun off from Equifax. Today, you can spend $120 a year with Equifax to monitor your personae for identity theft -- presumably from sloppy companies like Choicepoint that put your identity risk. Simultaneously, ChoicePoint sells your personae to other mega companies.

I'd like to know how much ChoicePoint makes off of each personal dossier they sell (over and over again). If you buy a product like insurance, you are going to pay a procesing fee, origination fee, call it what you want, that includes the cost of a personal report on YOU, from ChoicePoint. This is like triple-dipping, at a minimum.

So if you think Congress will pass legislation to protect you that in any way jeopardizes the credit compiling/credit selling gravy train, think again. It's going to take a heck of a lot of consumer activism to fight the powerful, well-heeled institutional lobbyists in Washington.

Something else that hasn't been discussed. What about all the personal information on you that is processed overseas? What protections are in place today to protect your identity? What protections would be in new legislation? If I were ChoicePoint, I would think about spinning off the operation and moving it offshore, away from U.S. rules and regs. This has worked marvelously for cruise ships, which are all registered in Liberia.


"Equifax Insurance Services Group soon will be known as ChoicePoint. Later this summer, pending an IRS ruling on a stock exchange, Equifax Insurance Services Group will be spun off from Equifax, becoming a separate, independent public company.

ChoicePoint will offer the same services as Equifax does today: risk management information to the commercial and personal lines insurance markets, and will be comprised of all the current Insurance Services operations."
Posted by Stating (869 comments )
Reply Link Flag
They have you harder than that...
Take a look and be scared.
<a class="jive-link-external" href="http://www.fbifile.com/fbifile-sample.html" target="_newWindow">http://www.fbifile.com/fbifile-sample.html</a>

Oops... Sorry about that ma'am but the contractor we hired accidently passed us bad information so you can't VOTE THIS YEAR.

Last I checked though we already had a Privacy law that covered this sort of datamining activity. Its called the 4th Amendment to the US Constitution. Contained some nonsense about people being "secure in their persons, houses, papers, and effects", probable cause and warrants supported by Oath or affirmation. At least I think that is what it says... If you want to verify it take a look:
<a class="jive-link-external" href="http://caselaw.lp.findlaw.com/data/constitution/amendment04/" target="_newWindow">http://caselaw.lp.findlaw.com/data/constitution/amendment04/</a>
Posted by (23 comments )
Link Flag
Bank of America files for bankruptcy?
WITHDRAW YOUR FUNDS NOW! BofA bankrupt? Bank of America president, Terry E. Perucca, announced in an emergency press conference today that Bank of America NA may be forced to file Chapter 7 bankruptcy. This was later confirmed by Richard M. DeMartini at 2:00pm Eastern.
In a statement from Louis W. Smith, retired president, "I'm not surprised. The unethical treatment of consumers was the main reason I left. It's about time the supreme court stepped in."
Posted by (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.