Saturday, July 22, 2006

The Financial Data Protection Act Doesn't Protect the Citizen

Many states have passed legislation, where mandatory notification of consumers is the "law" when personal information is stolen. Now Congress will probably "nullify" a lot of this with the Financial Data Protection Act.

Here is a release by Press Wire:

Next week, the leadership of the House of Representatives plans to vote on "The Financial Data Protection Act," a controversial and weak version of data security legislation that would strip consumers of their existing state rights to protect themselves against identity theft.

"It's shocking that at a time when data breaches are in the headlines daily and consumers are at greater risk than ever for identity theft, Congress would choose to vote on a bill that would strip consumers of their existing identity theft protections," said Susanna Montezemolo, policy analyst with Consumers Union, nonprofit publisher of Consumer Reports magazine. "Congress should be helping consumers prevent identity theft, not making things worse," she added.

Ed Mierzwinski, Consumer Program Director for the U.S. Public Interest Research Group, added: "The states have given consumers strong identity theft protections, but Congress wants to take those rights away with this industry-approved bill that won't prevent data breaches and won't scare identity thieves into going straight. If House leadership is using this bill as a message, the message is quite simple: consumers lose out."

To understand why there are some - who would want to weaken this legislation - all one needs to do is look at the companies, who have been losing everyone's information.

Credit bureaus and the financial services industry have been making billions selling "personal information" for years.

According to the Privacy Rights Organization, which has monitoring these breaches, almost 90 million Americans have had their identities compromised. You can view their chronology, here. Note that in some of the breaches (the number was unknown) so the actual number of people compromised might be higher.

There are a few flaws (my opinion) in the current legislation. The new laws will allow companies, institutions and organizations to decide - via an internal investigation - whether disclosure is warranted, and gives them 45 days to report it if there is a "reasonable risk" of identity theft. If we look at this from a historical perspective (organizations reporting themselves), we are in a lot of trouble.

The law reeks of allowing the "foxes to watch the chicken coop."

The other thing that bothers me is the impact this might have on our safety and security. There is little doubt that the "identity theft" business is booming and controlled by organized crime.

Here is a previous post, I wrote about that:

Mexican Organized Crime Ring is Mass Producing Fake Documents - and Considers Terrorism an American Problem

In a era - where we are concerned about "border security and terrorism" - this law doesn't make sense.

So far as "making sense," here is a post I did regarding why some of this criminal activity has become so lucrative:

Are We Addressing Cyber Crime from the Wrong End

The Consumers Union recommends you write your representative to express your displeasure. You can do so on their website.

No comments: