« The Founders Of The ACLU | Main | Cool Science »
January 05, 2006
Better Late Than Never
The folks up on The Hill have finally come up with some legislation to protect consumers, to some degree, against identity theft.
A bipartisan coalition of Senate Commerce Committee leaders today introduced comprehensive legislation (The Identity Theft Protection Act, S. 1408) that protects consumers from identity theft. The bill sets national standards for notifying consumers of data breaches, requires businesses to improve their safeguards for sensitive consumer information, gives consumers the right to freeze their credit reports to thwart identity theft, and limits the solicitation of Social Security numbers.
Speaking for myself, I always understood that Social Security numbers were intended to exist only as proprietary information shared by those issued the numbers, employers(to confirm work eligibility and report employee earnings to the Government), and the Government itself as a tax identification number or for law enforcement I.D. purposes.
Yet it seems that everybody and their brother require your SSN to run credit checks and open non-financial accounts of various kinds, and we all know they keep them on file. There's a sort of information gluttony afoot in this age of the Internet -- all manner of companies want to compile and retain every last scrap of personal information on everyone they become involved with for one reason or another.
We also know that many of these concerns, for reasons of the cheaps "cost efficiency", don't believe in investing in expensive security measures to adequately protect all this personal data they accumulate.
Hence, we occasionally read about some company's computer files being raped by hackers, the thefts as often as not going undiscovered until a few days after the fact, giving the thieves time to use the information they've gleaned before anybody closes the proverbial barn door.
For example, a law was passed not long ago that after a company uses the 3 or 4 digit confirmation code from the back of your credit or debit card, they are required to delete it from your file. I see this as a requirement whose compliance would be something rather difficult to enforce unless the Government hacked into the computers of every company in the United States that accepts purchases on-line or over the telephone, and you can just imagine the hullabaloo that would cause in a country rife with leftist organizations who don't even believe the Government should be permitted to listen in on the telephone conversations of terrorists who are plotting to murder large quantities of American citizens.
So how can such laws be enforced? The only method that would work with any measure of success would be an aggressive random spot checking system with severe penalties for discovered noncompliance.
This new bill is a tripartison -- that's right, tripartisan effort{3 Democrats, 2 Republicans and John McCain, whom I see as falling under the heading of Name-Only Republican}.
Misgivings about effective implementation aside, I believe the bill is a good one and would like to see it pass. If every company and organization that requires storage of people's personal information acknowledged their responsibility to secure it at any cost, even if it meant upping their prices for goods and services a little bit, such measures would not be necessary, but this is not the case and many of these concerns provide, without any local alternatives, products that are requisite to basic survival, such as gas and electric.
Why in the hell should a gas company have to have my social security number on file, right?
Posted by Seth at January 5, 2006 12:09 AM