U.S. Senator Dianne Feinstein

    
    
        

Ways to Stay Informed

    Sign up for my
    E-Newsletter

    My Latest Report from     Washington

    Visiting Washington?     Have Breakfast With     Dianne

    Today in the Senate

Services for Californians

    Washington D.C.
    Tours & Information

    Flag Requests

    Academy Nominations

    Intern Applications

    Scheduling

    Casework

    More California
    Resources

    Grants & Federal
    Domestic Assistance


San Jose Mercury News

Protecting against identity theft

INADEQUATE LAWS LEAVE AMERICANS MORE
VULNERABLE THAN EVER

January 14, 2005

Online holiday shopping jumped 25 percent this year over previous years, a dramatic boost that is great news for Internet retailers, but raises new concerns about the security of personal information that can be used by identity thieves.

The most comprehensive survey of identity-theft victimization, a Federal Trade Commission (FTC) report released in 2003, found that nearly 10 million Americans had been victimized by identity theft in the previous year. The California Office of Privacy Protection estimates that 1.1 million of those victims were Californians.

A separate FTC report found California to have the third-highest rate of identity theft per capita in 2003, with the number of victims increasing by more than 28 percent from 2002.

Rapid changes in technology and inadequate state and federal laws governing the use of personal information have left American consumers more vulnerable than ever to this invasive crime.

And while California has adopted strong privacy protections for state residents, some of those protections are under assault in the courts and might be superseded by federal law.

Of particular concern is the safety of Social Security numbers. In 1936, the Social Security Administration began using numbers to track the wages and benefits of American workers. Since then, the use of Social Security numbers has expanded dramatically.

Today, Social Security numbers are used on occupational licenses, marriage licenses, student identification numbers and records for blood donation, jury selection, and workers' compensation. Private companies commonly use them to identify customers.

And despite their widespread use, ``no single federal law regulates the overall use or restricts the disclosure of Social Security numbers by governments,'' according to the Government Accountability Office.

Another serious issue is the safety of personal information stored in databases. Earlier this month, a hacker broke into a database at George Mason University, compromising the data of 32,000 students, faculty and staff members. Last summer, a University of California-Berkeley database containing the personal information of 600,000 people was penetrated.

And new threats to our personal information continue to emerge. For example, personal data is increasingly being shipped overseas for processing. Last year, the tax returns of nearly 200,000 Americans were prepared in India.

To address these concerns, I plan to introduce a package of measures to regulate the use of Social Security numbers by government agencies and private companies, set national standards for database security, and, in conjunction with Sen. Bill Nelson, D-Fla., establish guidelines for companies that send their customers' personal information overseas for processing.

My legislation to regulate the use of Social Security numbers would:

• Prohibit the sale or display of Social Security numbers to the general public.

• Remove Social Security numbers from government checks.

Require Social Security numbers to be taken off public records published on the Internet.

In June 2003, I introduced the Notification of Risk to Personal Data Act, a bill modeled on California's database security law. The legislation, which I plan to reintroduce this year, would:

• Define as personal data an individual's Social Security number, driver's license number, state identification number, bank-account number, or credit-card number.

• Require a business or government entity to notify an individual when it appears that a hacker has obtained unencrypted personal data.

• Levy fines by the FTC of $5,000 per violation or up to $25,000 per day while the violation persists.

• Allow California's privacy law to remain in effect, but pre-empt conflicting state laws.

And I continue to work with Sen. Nelson to draft legislation that ensures the personal information of consumers transmitted overseas is secure.

Advances in technology have brought many improvements to the lives of Americans. Indeed, the convenience of online shopping has been a boon to our economy, creating a market estimated at $144 billion this year. But with these advances have come serious privacy concerns.

Last year, Congress made important progress in punishing identity theft by approving the Identity Theft Penalty Enhancement Act, which was signed into law in July. The act imposes tougher penalties on identity thieves and makes it easier for prosecutors to target those identity thieves who steal for the purpose of committing the most serious crimes, including terrorism. However, more needs to be done to prevent identity theft from occurring in the first place.

It is time for Congress to take stronger action to prevent identity theft and ensure that the personal information of Californians, and all Americans, is truly secure.

Home News Site Map Contact Me Issue Updates