Congress seeks to change legal landscape for data breaches
Recent large-scale data security foul-ups and identity thefts haven't gone unnoticed by lawmakers. The recent passage of data privacy legislation by two House committees increases the likelihood that Congress will approve a bill this year the will impose new requirements on data brokerage companies such as ChoicePoint Inc., LexisNexis Group and Acxiom Corp.
Both the Financial Data Protection Act of 2005 (H.R. 3997) and the Data Accountability and Trust Act (H.R. 4127) passed through committee by large, bipartisan margins of 48-17 and 41-0, respectively.
House bill 4127, which is derived from the House Energy & Commerce Committee version and was passed in March, requires notification only if the theft or loss of consumer data is judged to pose a "reasonable risk of identity theft to the individual to whom the personal information relates." The committee approved the "reasonable risk" standard after tougher language in a subcommittee bill that had a higher threshold of "significant risk."
Data brokers, however, prefer the "significant risk" language. In 2005, Deborah Platt Majoras, the chairman of the Federal Trade Commission, told the Senate Judiciary Committee "We are grappling with the issue of over-notification. We have learned that consumers become numb to too many notifications."
House bill 3997, approved by the House Committee on Financial Services, requires data brokers to notify law enforcement agencies and businesses that are in the transaction chain if a data security breach "may result in harm or inconvenience to any consumer." If the potential breach can result in financial fraud against consumers by causing harm or inconvenience, then the consumers must be notified through a uniform mailing.
The bills have important differences, but both address problems highlighted early in 2005 when the state of California's Security Breach Information Act (SB-1386) forced ChoicePoint and LexisNexis to disclose that identity thieves had pilfered data on more than 450,000 customers.
There are two additional bills passed last year by Senate committees that are intended to shore up corporate data security: the Personal Data Privacy and Security Act (S. 1789), and the Identity Theft Protection Act (S. 1408).
All four of the congressional bills contain a notification requirement based on a risk analysis. The California bill, and many of the 20-plus state bills which have followed in its wake, define a security breach requiring the company holding the data to alert the state, businesses and consumers, as "unauthorized acquisition of or access to computerized or other data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business."
There are no finite risk thresholds in the bills, which mean its uncertain how much data would have to be leaked or stolen before an organization would be obligated to issue notifications. But a staff counsel to the Center for Democracy and Technology noted that the existing California law has an exemption for theft of encrypted data. No notification is required in that instance.
It is also required in all four bills that data brokers adopt security standards that would be, in some cases, dictated by federal agencies. The Energy & Commerce bill requires data brokers to establish "reasonable procedures" to verify the accuracy of information that they collect and maintain:
In addition to common elements on notification and security standards in all four bills, each contain a variety of other provisions, including:
Granting consumers access to their personal data files
Giving consumers the ability to freeze their credit reports
Forbidding the solicitation, sale, or display of social security numbers
Requiring federal agencies to audit the information security practices of data brokers bidding for federal contracts
A LexisNexis spokesman declined to comment on the notification provisions in the various congressional bills. Spokespersons at ChoicePoint Inc. and Acxiom Corp. did not respond to inquiries.
A communications director for the Cyber Security Industry Alliance (CSIA) said his group has not endorsed either of those two House bills, nor the Senate bills.
"All the bills generally are headed in close enough to the right direction. We want a bill passed into law much more than we want to insist on one particular piece of legislation."
In fact, few proposed bills have as much bipartisan congressional support and as little significant interest group opposition as the data privacy bills, suggesting that a single, compromise version would be likely to land on President Bush's desk this year.
ASSET PROTECTION INFORMATION
- Asset Protection Terrorist Lists
- FAQs Probate
- Asset Protection Incorporate Offshore
- Asset Protection Tax Scams
- Asset Protection Offshore Insurance Fraud
- Asset Protection Title Scam
- Limited Partnerships
- Being A Limited Partner
- Asset Protection Admin Subpoenas
- Self Settled Asset Protection Trusts
- Wyly Case
- Asset Protection Living Wills
- Asset Protection Banking Information
- Family Limited Partnerships For Estate Planning
- Asset Protection Non Tax Estate Planning
- Home Protection
- Sweden Capitalism Or Socialism
- Asset Protection Tax Shelter Crack Down
- Asset Protection Information
- ASSET PROTECTION CONGRESS
- Irrevocable Life Insurance Trust
- Asset Protection Facts
- C Corporations
- Preventing Lawsuits
- Case Study Community Spouse
- Asset Protection Trouble In Belize
- Inheritance Trusts
- Asset Protection Tax Scam Warning
- Asset Protection Nevada Corporations
- Asset Protection Llawsuits Cost Jobs
- Asset Protection Swiss Annuities
- Asset Protection Antigua And Barbuda
- Asset Protection Living Trust Scams
- Asset Protection Money Laundering Case
- Asset Protection LLCs
- Asset Protection Tax Shelters 3
- Asset Protection Strategy
- Debt Consolidation
- Asset Protection Trust Services
- Asset Protection Tax Fraud Conviction
- OVERVIEW Seminar
- Asset Protection John Galt
- LLCs And S Corps
- Asset Protection
- Asset Protection Nevada Corporation
- Family Limited Partnerships
- Asset Protection Ponzi Schemes
- Asset Protection Business Risks
- Fraudulent Conveyance
- Asset Sign Up
- Asset Protection Courses
- Asset Protection Who Needs LLC
- Wyly Offshore Operations
- Banking Records
- Comparing Mutual Funds To Cash Value Life Insurance
- Anderson Case
- Wills Versus Trusts
- Asset Protection Tort Reform
- Asset Protection Uk Offshore Bank Probe
- Asset Protection Revocable Trusts And Probate
- Asset Protection Tax Shelters
- Asset Protection Tax Fraud
- Nevis LLC
- Intentionally Defective Grantor Trust
- Anderson Case Expert Comments
- Asset Protection Lllc Disolution
- Asset Protection Tax Evader
- Asset Protection Aegis Fund Value
- Asset Protection Annual Stella Awards
- Characteristics Of Effective Asset Protection
- Hiding Assets
- Asset Protection Aml Software
- Panamanian Foundations
- Probate And Revocable Trusts
- Asset Protection Uk Haven Crack Down
- LLC Operating Agreements
- TrustMakers Forms Center
- TrustMakers Site Map
Learn more about protecting your assets with these articles:
If you are looking for the most important concepts in Asset Protection, this is where to start! If you need to talk intelligently about protecting your net worth or you are a professional this online training program is for you!
Get our Free Online Asset Protection Video Course.
Learn how to protect yourself like the pros!
Clear, concise and straight forward, this e-Book will help you make sound decisions with your business and personal assets..
This e-course will give you straight forward asset protection advice you can implement now. One of the best asset protection courses available! Includes 70+ video lessons, 3 Ebooks, and 6 example legal documents!
The key to a solid Asset Protection Plan is the Estate Plan. This downloadable estate organizer will help you keep track of important information about your assets and important legal documents all in one place.