TMCnet News
Battling identity-theft bills stuck in House(Columbus Dispatch (Ohio) (KRT) Via Thomson Dialog NewsEdge) Apr. 2--WASHINGTON -- Proposed safeguards against identity theft could fall by the wayside this year because Congress can't decide between rival data-security bills. Two Ohio Republicans playing a key role in the debate say lawmakers still stand ready to act on an issue that commanded the national stage last year when hundreds of thousands of people learned that their sensitive financial information had been breached in a number of incidents. Reps. Steven C. LaTourette, of Madison, and Deborah Pryce, of Upper Arlington, say legislation they helped draft that recently was approved by the House Financial Services Committee would aid consumers when companies such as data-collection giant ChoicePoint or DSW Shoe Warehouse lose or have stolen information about thousands of customers. They're backed by industry lobbyists, who say a uniform national standard is needed to guide how businesses must notify consumers when such data breaches occur, but not one that assumes every incident means all those affected will then fall victim to identity theft. The lobbyists say the danger is a growing assortment of individual state laws and a flood of notices that consumers wind up disregarding as junk mail. "What we need is a national, uniform law on notification," said Mike Zaneis, a lobbyist for the U.S. Chamber of Commerce. "We would like to see the standard be a significant risk of harm. If there is no significant risk of harm, then there is no real need for notices." But consumer advocates say they prefer a bill passed last week by the House Energy and Commerce Committee. That proposal puts the onus on companies to show why they shouldn't have to warn consumers about most data breaches, while the financial-services proposal gives businesses much more leeway to decide to withhold that information, advocates say. The financial-services bill passed March 17 in relatively bipartisan fashion, 48-17. But the vote in the Energy and Commerce Committee on Wednesday was unanimous, 41-0. It isn't clear which proposal has the better chance to win as GOP leaders try to merge the differing approaches. The legislative head-butting in an election year where issues such as immigration, Iraq and lobby reform have grabbed the headlines mean consumers might not see any bill at all. That might not be so bad, say some consumer advocates. They worry about a final federal law that is too weak and guts stronger state laws in the process. "At this point there is a better chance there is no (final) bill," said Susanna Montezemolo, a policy analyst with Consumers Union, the publisher of Consumer Reports. "And from our perspective, if Congress can't get it right and needs to come back next year and meanwhile let states innovate, we're fine with that. Either have a strong federal standard or no federal standard." Data breaches continue to occur. In Ohio, a laptop computer stolen on Dec. 28 from the employee of a New Jersey firm that manages prescriptiondrug benefits left vulnerable the personal information of more than 4,500 state employees. The company didn't reveal the theft until Feb. 8. Ohio's own data-breach consumer-notification law, in effect as of Feb. 17, is one of the weaker state laws, said Montezemolo. But that doesn't matter much because most companies have begun following the requirements of the strictest state laws, such as California's. Pryce and LaTourette say a federal law is needed to help both consumers and businesses deal with data security uniformly. And both lawmakers say they aren't wedded to the Financial Services Committee's bill; Pryce also is a co-sponsor of the Energy and Commerce legislation. "I think it is important that we pass a federal law this year," Pryce said. "We need to look at both bills on notification. The notification trigger is lower (in the Energy and Commerce bill), but you also have to consider if you want people notified if they are not in particular risk." [email protected] |