WASHINGTON — Alarmed by a flurry of data thefts at companies that keep electronic dossiers on millions of Americans, members of the Senate Banking Committee on Thursday said they would press for new rules to protect the public.
"What bank robbery was to the Depression era, identity theft is to the Information Age," declared Sen. Charles E. Schumer (D-N.Y.).
Under questioning by senators, the head of the Federal Trade Commission, Deborah Platt Majoras, acknowledged that legislation was probably needed.
"I believe there may be additional measures that benefit consumers," Majoras said.
The committee called Thursday's hearing in response to a sudden rash of cases in which thieves have pilfered Social Security numbers and other personal information from commercial databases; these details are then used by criminals to create fraudulent credit card accounts.
Only a day before the hearing came news that identity thieves had gathered personal data on more than 30,000 people from information broker LexisNexis, a unit of Reed Elsevier.
Meanwhile, shoe retailer DSW Inc. said this week that hackers had obtained credit-card information about consumers from 103 of its 175 stores. On Thursday, a Secret Service agent said the number of people affected could be "in the hundreds of thousands."
These incidents came after two high-profile revelations last month. ChoicePoint Inc. said intruders posing as small-business customers tapped personal data on as many as 145,000 people, and Bank of America Corp. said it lost five computer tapes containing personal information on federal employees who used 1.2 million bank-issued cards.
"Congress needs to act, but we need to do it right," said Sen. Patrick J. Leahy (D-Vt.), one of those whose data were lost.
Leahy suggested that lawmakers should consider tougher penalties for information brokers that fail to protect data. Proper care of this kind of information also might become a standard required to qualify for federal contracts, he said.
Some lawmakers also said that companies must more swiftly inform the public when data have been compromised.
"Too often, as we saw in ChoicePoint and other instances, people were not informed immediately," Sen. Jon Corzine (D-N.J.) said in announcing plans to introduce legislation to improve the security of consumers' financial data.
Corzine said that his bill would require financial institutions and data brokers to establish effective security systems to protect personal data. It would also require a top corporate officer to attest that such safeguards are in place.
What's more, the bill would mandate prompt notification to consumers when security is breached, while still allowing "appropriate delays" in disclosure to help law enforcement.
Majoras of the FTC took a more cautious approach toward changing federal law than some of the legislators.
But she suggested that the federal rules governing the security and privacy obligations of financial institutions could be extended to data brokers.
"We think that we ought to look at a broader security standard" for that industry, Majoras said, alluding to the Gramm-Leach-Bliley Act, which already applies to financial activities such as banking and insurance.
In written testimony, Don McGuffey, a ChoicePoint vice president, said his firm supported independent oversight from Congress, greater accountability by companies that handle public records and tougher penalties for the theft of such data.
Reuters was used in compiling this report.