WASHINGTON, DC -- U.S. Representative Jan Schakowsky, ranking member on the Subcommittee on Commerce, Trade, and Consumer Protection, today continued to lead efforts to pass legislation that would protect consumers from identity theft and fraud. The Energy and Commerce Committee today unanimously passed the DATA Act, which requires information brokers and businesses to keep consumers’ information accurate and secure, and ensures that consumers are notified if their information may have been subject to unauthorized access.

Representative Schakowsky’s opening statement is below:

The DATA Act seeks to address one of most troubling revelations of the past year and one of the biggest issues for consumers today:  the lack of security and regard for consumers’ personal information. I would like to thank you and Chairman Stearns, for working with Ranking Member Dingell and me on the Manager’s Amendment which would require companies to better secure consumers’ personal information and to notify them should their information be breached. While not perfect, I believe that the Manager’s Amendment to the DATA Act helps close the canyon-sized gaps in the law that put consumers at risk of identity theft, fraud, and other crimes.

Since February 15, 2005 and the revelation that ChoicePoint had sold personal records to con-artists, approximately 54 million notices have gone out to consumers informing them that their personal information had not been adequately protected and was breached. That’s over 915,000 notices per week – or over 130,000 per day – because of hacked computers, lost backup tapes, compromised passwords, dishonest insiders, and lax online protections.

Notice went out because of strong laws in states like Illinois that require consumers be contacted whenever their personal information has been compromised. I am pleased that the Managers’ Amendment also requires nationwide notification whenever consumers’ information is breached. The only exception in the DATA Act is when it can be proved that a breach poses no reasonable risk of consumers falling prey to identity theft, fraud or other unlawful acts. With the passage of this Act, consumers nationwide will be able to make informed decisions about how to proceed and protect themselves from becoming victims when their information is breached.

I am also pleased that the Manager’s Amendment addresses potential over-notification of consumers. Data insecurity is an epidemic. There have been 145 separate breaches in the last 13 months, 17 so far this month. Businesses need to be more responsible with consumer information and held accountable when they are not. The DATA Act security standards will prevent breaches of personal information in the first place and consumers will therefore receive fewer notices warning that their personal files could be in the hands of criminals.

The DATA Act’s inclusion of additional responsibilities for information brokers – those who make their living selling consumers’ personal records – is also vital to mitigating the risks that have been put on consumers in the Digital Age. In particular, requiring data brokers to verify the accuracy of information they gather will help ensure that consumers are not misrepresented. The Manager’s Amendment also recognizes that it should be consumers’ right to access and inspect their records in order to verify that the information filed under their names is truly theirs and correct.

Another important feature of the DATA Act is the requirement that information brokers keep an audit trail of files accessed. Not only will this provision help catch the dishonest insiders taking home more than their paycheck, but it will also speed up notification to consumers. ChoicePoint discovered its breach in September of 2004, but did not send notices until February 2005 because its staff had to recreate every search associated with the breach to determine who the potential victims were. If an audit trail had already been in place, then notice could have gone out much faster and consumers could have taken the steps to protect themselves sooner after the breach.

Finally, I am pleased that we include a state attorney general enforcement provision in the DATA Act. As you know, many states – like Illinois – are already out there fighting to protect consumers from the negative effects of data breaches. Keeping those cops on the street will ensure better enforcement of this Act and offer better protections for consumers.

While I support the passage of the DATA Act, we still have work to do. A new report by the Government Accountability Office has found that the Department of Health and Human Services inadequately protects the personal information held on Medicare and Medicaid recipients. I believe that it is our obligation to ensure that government entities that fall under our committee’s jurisdiction are held to the same level of accountability as private entities are under the DATA Act. I hope my colleagues feel the same way and we can begin work on that soon.