[ insider_reports_insider ]
Will Consumer Data Legislation Really Help?
John Stith
Staff Writer
2006-02-23
 Insider Reports RSS Feed
Two weeks ago, Congressman Ed Markey (D-MA) proposed legislation designed to protect consumer data by forcing various companies to destroy the consumer information after a reasonable period of time. The big question is will it work?
 | | Protecting Consumer Data |  |
Markey, the ranking Democrat on the Telecommunications and Internet Subcommittee of the House Energy and Commerce Committee introduced the legislation amid a slew of well-publicized data breaches among various financial institutions. When the bill was introduced, Markey made a statement,
"In this digital information age, personal identifiers are the keys which unlock the personal lives and valuable possessions of millions of Americans. Internet companies are often able to glean personal information through a computer user's surfing and searching of Internet sites. Such entities should not hoard these personal identifiers in databases that often hold the imprints of millions of individuals and their Internet use.
"This warehoused personal information about consumers' Internet use should not be needlessly stored to await compromise by data thieves or fraudsters, or disclosure through judicial fishing expeditions." said Rep. Markey, who is also the author of H.R. 1078, "The Social Security Number Protection Act," a bill aimed at protecting consumers from the abuse of the purchase and sale of social security numbers.
The standard in the bill is based on similar successful legislation requiring cable companies to destroy obsolete data. The Federal Trade Commission will set up the rules to regulate this new law. The primary section of the bills says:
An owner of an Internet website shall destroy, within a reasonable period of time, any data containing personal information if the information is no longer necessary for the purpose for which it was collected or any other legitimate business purpose, or there are no pending requests or orders for access to such information pursuant to a court order.
So far, the biggest problem with the bill many critics point out is that it's overly broad. Bruce Cundiff, research analyst for Javelin Strategy and Research, called the legislation very vague. He said, "Source of identity fraud from businesses is not as widespread as we're led to believe. 6% of known data fraud is stolen from financial institutions. This particular piece of legislation is addressing a small portion of the problem."
If this is the case, then how can identity theft be stopped? What can be done through legal channels to protect consumers from identity theft? Cundiff continues, "Let's make it more difficult for fraudsters to use the information. Social security numbers are a good example. Let's make the usage of that information less powerful."
He went on to say, "From a victim perspective, the source of the fraudster obtaining information, that represents a small piece of the overall pie. That's primarily the issue for the business. I don't know if the best course of action is legislative. It's getting consumers involved in the business of protecting themselves."
Some comments suggest companies like Google shouldn't hang on to all their information indefinitely and that this type of behavior was part of the problem. But this is an adjustment that has to be made.
As more and more information circulates through the Internet, data protection will continue to climb in importance. Companies certainly face tough issues by protecting consumer data but at the same time, consumers do have responsibility to protect themselves as well. This means being more careful not just online but also in how they use their personal information outside of the Internet.
Get all the updates - click this link: 
Add to | DiggThis| Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
