Senators introduce data security legislation

[Richard Forno <rforno () infowarrior org>]

Senators introduce data security legislation

By John Poirier
Reuters
Monday, June 26, 2006; 9:08 PM

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/26/AR2006062601
251_pf.html

WASHINGTON (Reuters) - Two senators on Monday introduced legislation to
better protect sensitive personal data held by institutions including
financial services firms, retailers and government agencies.

"We are not doing enough to protect consumers and businesses from identity
theft and account fraud," said Sen. Bob Bennett, a Utah Republican who
chairs the Senate banking subcommittee on financial institutions.

Bennett and Sen. Tom Carper, a Delaware Democrat, introduced the Data
Security Act of 2006, which creates a uniform national standard to safeguard
data on Social Security, driver's licenses, credit cards, and account access
codes and passwords.

It also requires that notifications be sent to consumers when there is a
likelihood that stolen identities or accounts could cause "substantial harm
or inconvenience."

Similar legislation has emerged from committees in the House of
Representatives, but the full House has not yet voted on a final version.

Personal information on 26.5 million veterans was stolen last month from the
Department of Veterans Affairs. Since then, authorities have said the stolen
data includes information on 2.2 million active-duty, National Guard and
Reserve troops. Personal data on 28,000 U.S. sailors and their families
appeared on a public Web site last week.

Even Agriculture Secretary Mike Johanns and other top officials were among
26,000 people whose personal information may have been stolen by a computer
hacker, the department said last week.

"We used to just worry about people breaking into our homes or stealing our
cars, but in the 21st century, we have to worry about people stealing our
identities via computers and the Internet," Carper said.

The Senate bill would cover any information that could be used to commit
identity theft or account fraud at businesses and government institutions,
which would be required to safeguard all paper and electronic records.

The American Bankers Association said banks already have a system in place.
"It makes sense to extend bank-like regulations to other industries that
handle sensitive information," said ABA executive director Floyd Stoner.

The bill would also charge state and federal regulatory agencies to oversee
the operations and business practices of their entities, and the agencies
themselves would be internally regulated.
© 2006 Reuters


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/