Senators push for regulation of data brokers

Senators push for regulation of data brokers

Capitol Hill support is growing for regulation of data brokers in the wake of several high-profile identity thefts from companies that maintain large databases of sensitive personal information.

"I believe there will be some very firm federal regulations coming out of this issue," Sen. Arlen Specter (R-Pa.) said during a Senate Judiciary Committee hearing today.

Three senators said at the hearing they have recently introduced or will introduce legislation to secure and control the handling of personal data in an effort to combat identity theft.

"It is my conclusion that we do need federal legislation" to replace the current patchwork of state and federal laws, Specter said. "We need uniformity."

The hearing came one day after LexisNexis Group of Dayton, Ohio, reported that information on as many as 310,000 individuals might have been stolen from its databases over the past two years.

"We sincerely regret these incidents," said Kurt P. Sanford, CEO of the company's corporate and federal markets, who told the committee LexisNexis is making substantial changes in its business practices, tightening security and limiting access to some types of information.

The company also is offering victims $20,000 worth of ID theft insurance coverage.

When pressed by senators, Sanford and executives of two other companies that have suffered security breaches said they would support some regulation of their industry.

"Adoption of additional legislation may be appropriate," said Jennifer T. Barrett, chief privacy officer of Acxiom Corp. of Little Rock, Ark.

Data brokers gather and sell personal data, including Social Security and driver's license numbers, financial histories and addresses, of millions of individuals. The information supports the credit industry and is used for background checks and criminal investigations.

The government is a major consumer of these services. The FBI has contracts with many companies and paid $75 million last year to one, ChoicePoint Inc. of Alpharetta, Ga. FBI use of the services is growing. Chris Swecker, assistant director of the Criminal Investigation Division, said the bureau made about 1 million queries to data brokers in fiscal 2003, and 1.2 million queries to ChoicePoint alone in 2004.

ChoicePoint announced earlier this year that it had sold data on as many as 145,000 individuals to phony clients. ChoicePoint president and chief operating officer Douglas C. Curling apologized to the committee for that breach.

Neither LexisNexis nor ChoicePoint was hacked. In each case data was taken by persons using valid names and passwords.

Two Democratic senators, Charles E. Schumer of New York and Bill Nelson of Florida, introduced a bill Tuesday to regulate data merchants and create an Office of Identity Theft in the Federal Trade Commission.

Sen. Russ Feingold (D-Wis.) said he would reintroduce his Data Mining Reporting Act, which would require agencies to report to Congress about their data mining of public databases.

Sen. Dianne Feinstein (D-Calif.) said she introduced a bill Monday to require notification of people whose personal information might have been compromised.

"This is the third congress in which I have introduced bills" to give more control over personal information, Feinstein said.

Feinstein's bill is modeled on the 2003 California law requiring notification about security breaches. All three companies represented at the hearing acknowledged unreported security breaches prior to enactment of the California law.

"We would not have known of these breaches if not for the California law," Feinstein said.

Vermont attorney general William H. Sorrell said he supported federal legislation but it should not pre-empt stricter state laws.

"Have your law be a floor, not the ceiling," he said.

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.