March 1, 2005 4:00 AM PST

'Perfect storm' for new privacy laws?

A series of security break-ins is kick-starting a political drive to reshape federal laws that dictate how companies protect personal information--and what they have to do if that data leaks out.

What began with the leak of tens of thousands of records from data broker ChoicePoint earlier this month was quickly compounded by a series of rapid-fire incidents involving Bank of America, Science Applications International Corp., an online payroll services company and the T-Mobile Sidekick of hotel heiress Paris Hilton.

That avalanche of high-profile breaches in the last month has captured the attention of a growing number of U.S. senators, mainly Democrats, who have called for new laws as a response. Sen. Arlen Specter has pledged to convene hearings in his Judiciary committee, often an initial step in the legislative process. An aide to the Pennsylvania Republican said Monday that a hearing is being scheduled and is expected to be held soon.

News.context

What's new:
An avalanche of high-profile breaches in the last month has captured the attention of a growing number of U.S. lawmakers.

Bottom line:
Advocates hope it will spur greater regulation of the shadowy industry that creates digital dossiers on Americans.

More stories on data theft

"Ten days after the ChoicePoint breach of personal data involving between 145,000 and 500,000 people was revealed, today another breach of data was revealed, this time by loss," Sen. Dianne Feinstein, a California Democrat, said in response to Bank of America's admission that it had misplaced backup tapes containing 1.2 million customer records. "These two instances dramatize the need to take steps for the protection of an individual's personal data. The Congress needs to address it."

At the federal level, privacy laws tend to be created erratically, spurred by one well-publicized emotional anecdote after another. Congress approved the Video Privacy Protection Act in 1988 after a newspaper published Supreme Court nominee Robert Bork's video rental records. The murder of actress Rebecca Schaeffer, whose killer found her address through DMV records, led to the Drivers Privacy Protection Act.

Advocates of greater regulation are hoping the latest security breaches will be just as politically potent. "I don't think Congress can ignore what's happened," said Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington, D.C. "This may be the first mass disclosure of personal information that triggers congressional action."

For ChoicePoint and similar data aggregators, including Acxiom and Westlaw (a research service operated by Thomson West), the recent breaches could hardly come at a worse time. The start of a new congressional session often leaves politicians casting about for new issues, and a pair of recent books has cast a critical light on the typically shadowy industry that creates digital dossiers on Americans.

The price of ChoicePoint shares have plummeted about 15 percent, from a high of nearly $48 to around $40, since the scandal became public. Rival Acxiom's shares also have suffered, and a Westlaw "People-Find" service came under attack last week from Sen. Charles Schumer, Democrat of New York.

An "Exxon Valdez of privacy"?
"I don't think it's right to wait until there's an Exxon Valdez of privacy," Sen. Ron Wyden, a Democrat from Oregon, said nearly five years ago, back when Congress was more concerned with Web companies than data brokers. Now that kind of privacy disaster finally has arrived, at least according to congressional Democrats.

One possible response from Congress would be an attempt to extend an existing federal law, the Fair Credit Reporting Act (FCRA), which deals with credit-reporting agencies such as Equifax, to cover data-

CONTINUED:
Page 1 | 2 | 3

5 comments

Join the conversation!
Add your comment
Hmmm....
After reading this article how many people still believe that the "Real ID Act" proposal to link state databases is a good idea?

Real ID References:
<a class="jive-link-external" href="http://news.search.com/search?q=Real+ID+act&#38;x=0&#38;y=0" target="_newWindow">http://news.search.com/search?q=Real+ID+act&#38;x=0&#38;y=0</a>
Posted by (23 comments )
Reply Link Flag
It's PayMaxx
I wonder why PayMaxx is the only organization not specifically named in this article. It's referred politically-correctedly as " online payroll services company"...
Posted by 201293546946733175101343322673 (722 comments )
Reply Link Flag
Got You Coming And Going
In 1997 ChoicePoint was spun off from Equifax. Today, you can spend $120 a year with Equifax to monitor your personae for identity theft -- presumably from sloppy companies like Choicepoint that put your identity risk. Simultaneously, ChoicePoint sells your personae to other mega companies.

I'd like to know how much ChoicePoint makes off of each personal dossier they sell (over and over again). If you buy a product like insurance, you are going to pay a procesing fee, origination fee, call it what you want, that includes the cost of a personal report on YOU, from ChoicePoint. This is like triple-dipping, at a minimum.

So if you think Congress will pass legislation to protect you that in any way jeopardizes the credit compiling/credit selling gravy train, think again. It's going to take a heck of a lot of consumer activism to fight the powerful, well-heeled institutional lobbyists in Washington.

Something else that hasn't been discussed. What about all the personal information on you that is processed overseas? What protections are in place today to protect your identity? What protections would be in new legislation? If I were ChoicePoint, I would think about spinning off the operation and moving it offshore, away from U.S. rules and regs. This has worked marvelously for cruise ships, which are all registered in Liberia.


"Equifax Insurance Services Group soon will be known as ChoicePoint. Later this summer, pending an IRS ruling on a stock exchange, Equifax Insurance Services Group will be spun off from Equifax, becoming a separate, independent public company.

ChoicePoint will offer the same services as Equifax does today: risk management information to the commercial and personal lines insurance markets, and will be comprised of all the current Insurance Services operations."
Posted by Stating (869 comments )
Reply Link Flag
They have you harder than that...
Take a look and be scared.
<a class="jive-link-external" href="http://www.fbifile.com/fbifile-sample.html" target="_newWindow">http://www.fbifile.com/fbifile-sample.html</a>

Oops... Sorry about that ma'am but the contractor we hired accidently passed us bad information so you can't VOTE THIS YEAR.

Last I checked though we already had a Privacy law that covered this sort of datamining activity. Its called the 4th Amendment to the US Constitution. Contained some nonsense about people being "secure in their persons, houses, papers, and effects", probable cause and warrants supported by Oath or affirmation. At least I think that is what it says... If you want to verify it take a look:
<a class="jive-link-external" href="http://caselaw.lp.findlaw.com/data/constitution/amendment04/" target="_newWindow">http://caselaw.lp.findlaw.com/data/constitution/amendment04/</a>
Posted by (23 comments )
Link Flag
Bank of America files for bankruptcy?
WITHDRAW YOUR FUNDS NOW! BofA bankrupt? Bank of America president, Terry E. Perucca, announced in an emergency press conference today that Bank of America NA may be forced to file Chapter 7 bankruptcy. This was later confirmed by Richard M. DeMartini at 2:00pm Eastern.
In a statement from Louis W. Smith, retired president, "I'm not surprised. The unethical treatment of consumers was the main reason I left. It's about time the supreme court stepped in."
Posted by (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.