March 1, 2005 4:00 AM PST
'Perfect storm' for new privacy laws?
- Related Stories
Bank of America loses a million customer recordsFebruary 25, 2005
Payroll site closes on security worriesFebruary 23, 2005
Paris Hilton's cell phone hacked?February 21, 2005
Scammers access data on 35,000 CaliforniansFebruary 15, 2005
ID-theft alert follows break-in at federal contractorFebruary 14, 2005
The flip side of database snoopingFebruary 7, 2005
(continued from previous page)
company stressed that it has entered discussions with other members of its industry on how to minimize fraud, and has started re-verifying its customers' credentials to weed out potentially fraudulent applicants.
"We have already begun sharing our experiences, observations and ideas with several of the other major corporations in our industry, and we will seek to lead an industrywide initiative to develop, adopt and deploy new measures that will identify and halt identity theft and fraud," ChoicePoint said in the statement.
In addition, ChoicePoint offered support for a broader national debate that could include legislation to allow independent oversight and increased accountability of entities that handle data, increased penalties for the intentional misuse of personal information, and mandatory notification by government and business of any unauthorized access to personal data.
California as precedent?
The current atmosphere at a national level is similar to the state of affairs in California that led to the passage of the Security Breach Information Act (S.B. 1386)--the law that recently forced ChoicePoint to disclose the October breach.
In April 2002, a hacker gained access to the state's Stephen P. Teale Data Center, stealing the payroll information of California's more than 225,000 state employees, including legislators and their staff. The State Controller's office discovered the breach in early May, but didn't notify workers until May 25, leaving their financial identities open to misuse.
Within four months, a bill authored by former state Sen. Stephen Peace and then-Assemblyman Joseph Simitian had been signed by Gov. Gray Davis. The bill took effect on July 1, 2003.
Bank of America's recent admission that the company lost backup tapes with as many as 1.2 million records could have similar scope as the Teale breach, even though there is no evidence so far that the financial data has been misused. The tapes contained information on the customers and accounts of the U.S. government's SmartPay credit card program, which has more than a 2.1 million cardholders and annual transactions totaling more than $21 billion, according to the General Services Administration.
"There is a good chance we'll see some new regulations, especially because the Bank of America incident hits closer to home--their (lawmakers') information was included on the tapes that were lost," said Jordana Beebe, communications director for the Privacy Rights Clearinghouse, a nonprofit consumer group.
If the industry does not lock down people's data, whether by legislative mandate or by responding to customer concerns, business could suffer, said Chris Voice, chief technology officer at security company Entrust.
"It is becoming a matter of survival from a business perspective that if your customers lose trust, they will go to someone who will guard their information better," Voice said.
5 commentsJoin the conversation! Add your comment