Thank you, Chairman Stearns, for holding today’s hearing on the risks consumers face because data brokers like Choice Point and the problems they have had.  We were all shocked to hear that a few criminals were able to set up scams which jeopardized the personal and financial security of hundreds of thousands of people. We need to close the gaps in the law that are putting consumers and their sensitive information at greater risk for privacy invasions, identity theft, and other crimes. 

Stories of security breaches of databases of personal and financial information have been all over the news in the past few weeks.  Most notably, we’ve heard about Choice Point selling personal records of 145,000 people to sham businesses and of con-artists using real accounts and passwords to access 32,000 peoples’ records in LexisNexis’s Seisint database.  My own state of Illinois has already ranked ninth in the nation for identity theft cases, and the fact that 5,025 more residents are at greater risk because of the Choice Point’s fumble and 481 more are because of the LexisNexis’s problem, I am even more troubled by these reports.  Chairman Stearns, being that Florida is fifth in the nation for ID theft, I know you, too, are quite aware of what these breaches can mean for consumers, our constituents.  

While our witnesses will admit that some of the data accessed as a result of the breaches is sensitive personal information – including Social Security numbers and drivers’ license numbers – we are also going to hear disclaimers about how most of the information was from public records.  Downplaying the security breaches does not provide me – or many others – with comfort.  Although the information may be public, when those records are compiled and then linked to other information about consumers, the nature of those records is radically changed.  In fact, the power of aggregated information was one of the driving forces behind the 1974 Privacy Act, which makes it illegal for government agencies to amass the kind of personal information that data brokers do today.   Our congressional predecessors knew that limits were needed to protect the peoples’ privacy from government spying.  What they did not realize was that Big Business would handle the dirty work for Big Brother and that technology would make it possible to gather and store thousands of pieces of personal information which is available with just the click of a mouse.  Despite its power, profit, and reach, the burgeoning data brokerage industry is largely unregulated.  

The lack of regulation is seriously troubling for a number of reasons.  First of all, data brokers sell their information to employers, insurance companies, debt collectors, government agencies, and in some cases, individuals.  They see their role as being “risk mitigators” for their clients.  However, the information they sell could cost people jobs, insurance, the right to vote, or even their lives if the information is sold to a stalker or abusive spouse, for example.  The risk is shifted to defenseless and unaware people – at times, crime victims.  There are no guarantees that the information that data brokers are selling is accurate and, they have few, if any, obligations to consumers to correct it.  Data brokers could “black list” people and there is little victims can do about it.  On top of that, as these recent breaches reveal, the very collection and sale of the information could mean that even more inaccurate information is added to consumers’ records.  Already 750 people who had their information bought by fraudsters from Choice Point have fallen victim to identity theft.  Although Choice Point has promised to help them correct the problems they will incur, it will take these individuals, on average, two years to clear their names.  Even then, we have no guarantees that all their future records will reflect that – and who knows the costs they will incur along the way.   

I find the lax security and regulation of data brokers especially disturbing because of the government reliance on them.   One report put the number of government agencies using data brokers at around 7,000 – from local police stations to the Department of Justice with $67 million in contracts with Choice Point in 2004 alone.  Hundreds of millions of dollars are flowing each year from the taxpayers’ pockets and into the data broker’s banks.  While I am troubled by the prospect that the government agencies may be violating the spirit of the 1974 Privacy Act, I am particularly concerned about the fact that they are turning to free-wheeling contractors to get their information.  If we are going to be using taxpayers’ dollars to pay for these services, we need to make sure data brokers are accountable when it comes to the security and the accuracy of the data they are compiling.  People’s very lives are at stake and we do not need a Halliburton of the information industry or another legal black hole through which contractors fall and from which they profit.  

Again, Chairman Stearns, I look forward to working with you and the other members of our committee to do what we can to protect consumers.  Thank you.