4 April 2005
Re: Washington Post article highlights need for identity theft protections
We wanted to draw your attention to a front-page article from today’s Washington Post on identity theft and the security of one of our most important possessions – our Social Security numbers. Today, Social Security numbers (SSNs) are used as identifiers for everything from driver’s license numbers, to insurance policy numbers, to credit applications. The widespread use of SSNs in this information age means that we are all at risk for identity theft. As George Washington University Law School Professor Daniel J. Solove points out in the attached Post article, identity thieves use Social Security numbers as “their magic key … that gets into every door.”
The article points out that “with only scant checks to verify whether someone requesting data is legitimate, several [web]sites sell full Social Security numbers, potentially contributing to an epidemic of identity theft or fraud that touched about 10 million Americans in the past year.” Unfortunately for the millions of victims of identity theft each year, “the system relies on the honesty of the person seeking data, and the diligence of the person selling it,” according to the Post.
We’ve already seen the result of industry self-regulation; scandals like ChoicePoint and Lexis-Nexis data leaks point to the need for Congressional action. We urge Congress to address the issue of identity theft in three arenas: 1) Prevention: The best outcome for consumers is for data breaches never to occur, so prevention is key. We need to limit use of SSNs and other personal information in the marketplace and impose strong security standards upon information brokers. 2) Notification: Should significant breaches of information occur (such as unauthorized access to social security numbers or account numbers), the business or government entity that holds that information needs to notify consumers in a timely and specific fashion so that they can protect themselves further. 3) Remedies for Victims: The burden shouldn’t be on consumers to repair their credit – they are the victims, and it is undisputed that identity theft they may face is very time-consuming and stressful. It takes on average 600 hours for victims to repair their credit, at a cost of about $1,400. There must be remedies – such as covering out-of-pocket costs , offering free credit monitoring services, and providing security freezes.
We support efforts in Congress to protect consumers against identity theft, including Senator Bill Nelson and Representative Markey’s “Information Protection and Security Act” (S. 500/H.R. 1080). This legislation would give the Federal Trade Commission the ability to hold information brokers (like ChoicePoint and Lexis-Nexis) accountable for security breaches and would give consumers the opportunity to correct incomplete or inaccurate information. We also support a bill that Senator Feinstein will be reintroducing later this week, the “Notification of Risk to Personal Data Act.” This would provide for timely and specific notice to consumers after a security breach. In addition, we look forward to working with Members of Congress and Senators on additional approaches to addressing this critical problem.
If you need any additional information, please do not hesitate to contact us at (202) 462-6262.
Esther Peterson Fellow