Bill takes aim at identity theft

Federal agencies would be required to notify citizens of unauthorized access to their computerized personal data under a bill introduced yesterday by Sen. Dianne Feinstein (D-Calif.).

The bill, which Feinstein called a 'practical measure to curb identity theft,' is modeled on a California state law that goes into effect July 1. Unlike the California law, S 1350 would apply to federal agencies, state governments and businesses engaged in interstate commerce.

According to a draft, the bill defines personal information as a person's full name or first initial and last name, together with that person's Social Security number, driver's license number, state identification number, or bank or credit card account number. Owners or controllers of databases with such information would have to notify individuals 'as expediently as possible and without unreasonable delay' following discovery of a breach.

Notification could be in writing or by e-mail or, if that were too expensive or impractical, by conspicuously publicizing the persons' names on a Web site or through media.

The bill does not apply to encrypted data. Unlike the California law, it exempts agencies and companies that already have reasonable notification policies in their security programs. Notification also could be delayed if a law enforcement agency determined it would interfere with an investigation.

The Federal Trade Commission would enforce the provisions in Feinstein's bill. State attorneys general could file suits under its provisions, and fines might range from $5,000 per violation up to $25,000 per day. The bill would allow the California law to remain in effect but would pre-empt other, conflicting state laws.

The Feinstein bill has been referred to the Senate Judiciary Committee.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected