Tuesday, June 27, 2006

Senators introduce data security legislation

Senators introduce data security legislation
By John Poirier

WASHINGTON (Reuters) - Two senators on Monday introduced legislation to better protect sensitive personal data held by institutions including financial services firms, retailers and government agencies.

"We are not doing enough to protect consumers and businesses from identity theft and account fraud," said Sen. Bob Bennett, a Utah Republican who chairs the Senate banking subcommittee on financial institutions.

Bennett and Sen. Tom Carper, a Delaware Democrat, introduced the Data Security Act of 2006, which creates a uniform national standard to safeguard data on Social Security, driver's licenses, credit cards, and account access codes and passwords.

It also requires that notifications be sent to consumers when there is a likelihood that stolen identities or accounts could cause "substantial harm or inconvenience."

Similar legislation has emerged from committees in the House of Representatives, but the full House has not yet voted on a final version.

Personal information on 26.5 million veterans was stolen last month from the Department of Veterans Affairs. Since then, authorities have said the stolen data includes information on 2.2 million active-duty, National Guard and Reserve troops. Personal data on 28,000 U.S. sailors and their families appeared on a public Web site last week.

Even Agriculture Secretary Mike Johanns and other top officials were among 26,000 people whose personal information may have been stolen by a computer hacker, the department said last week.

"We used to just worry about people breaking into our homes or stealing our cars, but in the 21st century, we have to worry about people stealing our identities via computers and the Internet," Carper said.

The Senate bill would cover any information that could be used to commit identity theft or account fraud at businesses and government institutions, which would be required to safeguard all paper and electronic records.

The American Bankers Association said banks already have a system in place. "It makes sense to extend bank-like regulations to other industries that handle sensitive information," said ABA executive director Floyd Stoner.

The bill would also charge state and federal regulatory agencies to oversee the operations and business practices of their entities, and the agencies themselves would be internally regulated.