WASHINGTON,
DC - U.S. Representative Jan Schakowsky, ranking member on the
Subcommittee on Commerce, Trade, and Consumer Protection, today called for a
better personal information security bill that would set a higher standard of
accountability for businesses and protect consumers. Since February 2005, nearly
51 million notices have gone out to consumers informing them that their private
personal information had been exposed or compromised because of strong state
laws requiring notification. As it is currently written, H.R. 4127 would
pre-empt those strong state laws, set a higher standard to trigger notification,
and generally make it more difficult for consumers to protect their personal
information. H.R. 4127 passed the Subcommittee on Commerce, Trade, and Consumer
Protection today without a single Democratic vote.
The full text of Representative Schakowsky’s opening statement is below:
Thank you, Mr. Chairman, for holding today’s markup on H.R. 4127, the Data
Accountability and Trust Act, or the DATA Act. Your bill seeks to address
one of the biggest issues for consumers, one of the most troubling revelations
of 2005, and the elephant in the room of many corporations and information
brokers: the absolute lack of security and respect for consumers’ personal
information.
While I appreciate your conducting Subcommittee proceedings under regular order
with the DATA Act – holding hearings, the subcommittee markup today, and the
commitment to have a full committee markup before heading to the floor – I also
have to say that I am disappointed in the unilateral decision to introduce this
bill before a sincere effort had been put into resolving the major issues that
remain: the narrowly-focused and impossible proof standard for triggering
notification, as well as the subsequent preemption of states laws.
There was a real possibility that we could have worked out an agreement for a
sound and strong national consumer protection policy. However, not only were
Democrats – who were willing to work on a bipartisan basis – left behind, but so
were consumers. The DATA Act, as currently drafted, leaves consumers at the
mercy of industries who think that personal information is just another way to
make money, not something that should be guarded.
Since February 2005 and the news of the ChoicePoint scandal, nearly 51 million
notices have gone out to consumers, letting them know that their personal
information had somehow been compromised. There have been more than 80 breaches
since mid-February: that is more than two per week.
Those notices would not have gone out had it not been for a strong California
law that requires consumers to be contacted whenever there is “unauthorized
acquisition of computerized data that compromises the security, confidentiality,
or integrity of personal information.” Illinois, the second state to enact
notification laws, has the same language – as do many of the 21 states that now
have breach notification laws.
Consumers need to know if and when their information has been compromised so
that they can make informed decisions about how to proceed and protect
themselves from becoming victims.
Identity theft is a major issue in our country. In the last five years, over 27
million people have been victims of the fastest growing financial crime.
Illinois and Florida are both on the top 10 list for the number of victims in
each state. Most victims do not know how the crooks snagged their identity.
Could it have been because of the lack of proper treatment of their personal
information by corporations? The FTC has reported that those who discover their
identity has been stolen right away experience less personal damage than those
who discover it after months have gone by. When consumers receive timely notice
that a database is compromised, they are better equipped to avoid being
victimized themselves. If a breach occurs, consumers need to know to be on
alert to prevent would-be fraudsters from using their personal information on a
shopping spree or vacation to the tropics.
It is not just victims of identity theft who suffer financial harm that need to
know that their information is fair game. Some have their identity stolen so
that a crime can be committed in their names. Those victims need that notice so
they can defend themselves if accused of crimes they did not commit. And,
victims of domestic violence and stalking need to know if their information was
leaked so they can protect themselves from the harms that can be committed by an
enraged or deranged person or abusive stalker with access to the location of
their current residence.
Finally, we – members of Congress – need those notices to go out so we can track
the behavior of the industry we oversee, and so we can act if carelessness continues
in the treatment of personal information. Again, we would not have known that a
problem of this scale existed had it not been for strong state laws.
Unfortunately for all of us – except the bad actors – the risk-standard that
triggers notice and the hobbling of state laws by the DATA Act will put the
blindfold back on consumers and us. No notices would have gone out under the
standard put forth in this bill. We would not have known how badly corporations
treat personal information, nor would have consumers have been able to take
action to protect themselves – even from financial identity theft – if this bill
had been in place in February 2005.
As the old saying goes, sunshine is the best disinfectant. We have heard the
industry express “great concern” that consumers will get too many notices and
ignore them if notification continues to go out whenever information is
compromised. That concern is disingenuous. The right response to
over-notification is not to restrict information and to keep consumers and
Congress in the dark. If we want to stop over-notification, then corporations
need to clean up their act so consumers’ personal information is not compromised
in the first place. We also need to make sure that states’ rights are
protected and that they can protect their citizens from being harmed. If
Congress is willing to sacrifice consumers for corporations, then I want the
Illinois General Assembly and the Office of the Illinois Attorney General on the
beat to protect my constituents.
Again, I thank you for giving us a chance to amend this bill in the
subcommittee. I believe there is a good outline to build a strong national
standard for consumer protections. I look forward to filling in the details
with meaningful consumer protections.
|