ID theft bill ready for confidence vote

The Data Accountability and Trust Act could be going to a House vote soon.

Somehow, someway, I smell “CAN-SPAM 2,” only much more serious. The legislation provides for consumer notice in the event of a breach, but only if there is “reasonable risk of identity theft to the individual to whom the personal information relates, fraud or other lawful conduct.”

First, who the hell determines what a “reasonable risk” is? The FTC, after a breach? Second, consumers would be allowed access to their data, and a chance to correct inaccurate information. Isn’t that issue covered by the Fair Credit Reporting Act already?

The problem with notice is the speed in which it is executed. If data brokers had statutory liability for each breach, say tied to actual damages their breach caused, plus mitigation costs, they would spend a lot more money on internal security procedures, and be a lot more likely to notify affected consumers with speed and efficiency.

Right now, it sounds like they are being given incentives to cooperated with some governmental body, which thereby covers their own butts. And not much more.

***UPDATE***

Slashdot readers chime in on The Data Accountability and Trust Act.

Comments

Tman says:

This is pure CYA by the data miners, credit companies, the bureaus and lending institutions. They sent their lobbysists to get a law passed that would preempt state laws. That’s exactly what this one does. State laws, take California’s for example, require notification of a breach regardless if their is “reasonable risk”. If it wasn’t for their state laws, no one would have ever found out about the Choicepoint debacle. This is a win for big business, and a HUGE loss for consumers.

Leave a Reply to Tman Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.