|
WASHINGTON,
D.C. – U.S. Representative Jan Schakowsky (D-IL) today said that the lack
of regulation in the data brokerage industry, where firms gather the personal
and financial information of millions of Americans, is seriously troubling.
Schakowsky, who is the ranking Democrat on the Commerce, Trade and Consumer
Protection Subcommittee, expressed her concerns during a subcommittee hearing
about the recent crimes committed against Choice Point and LexisNexis,
where personal and financial records were stolen. Below is Schakowsky’s
statement:
Thank
you, Chairman Stearns, for holding today’s hearing on the risks consumers
face because data brokers like Choice Point and the problems they have
had. We were all shocked to hear that a few criminals were able to
set up scams which jeopardized the personal and financial security of hundreds
of thousands of people. We need to close the gaps in the law that are putting
consumers and their sensitive information at greater risk for privacy invasions,
identity theft, and other crimes.
Stories
of security breaches of databases of personal and financial information
have been all over the news in the past few weeks. Most notably,
we’ve heard about Choice Point selling personal records of 145,000 people
to sham businesses and of con-artists using real accounts and passwords
to access 32,000 peoples’ records in LexisNexis’s Seisint database.
My own state of Illinois has already ranked ninth in the nation for identity
theft cases, and the fact that 5,025 more residents are at greater risk
because of the Choice Point’s fumble and 481 more are because of the LexisNexis’s
problem, I am even more troubled by these reports. Chairman Stearns,
being that Florida is fifth in the nation for ID theft, I know you, too,
are quite aware of what these breaches can mean for consumers, our constituents.
While
our witnesses will admit that some of the data accessed as a result of
the breaches is sensitive personal information – including Social Security
numbers and drivers’ license numbers – we are also going to hear disclaimers
about how most of the information was from public records. Downplaying
the security breaches does not provide me – or many others – with comfort.
Although the information may be public, when those records are compiled
and then linked to other information about consumers, the nature of those
records is radically changed. In fact, the power of aggregated information
was one of the driving forces behind the 1974 Privacy Act, which makes
it illegal for government agencies to amass the kind of personal information
that data brokers do today. Our congressional predecessors
knew that limits were needed to protect the peoples’ privacy from government
spying. What they did not realize was that Big Business would handle
the dirty work for Big Brother and that technology would make it possible
to gather and store thousands of pieces of personal information which is
available with just the click of a mouse. Despite its power, profit,
and reach, the burgeoning data brokerage industry is largely unregulated.
The
lack of regulation is seriously troubling for a number of reasons.
First of all, data brokers sell their information to employers, insurance
companies, debt collectors, government agencies, and in some cases, individuals.
They see their role as being “risk mitigators” for their clients.
However, the information they sell could cost people jobs, insurance, the
right to vote, or even their lives if the information is sold to a stalker
or abusive spouse, for example. The risk is shifted to defenseless
and unaware people – at times, crime victims. There are no guarantees
that the information that data brokers are selling is accurate and, they
have few, if any, obligations to consumers to correct it. Data brokers
could “black list” people and there is little victims can do about it.
On top of that, as these recent breaches reveal, the very collection and
sale of the information could mean that even more inaccurate information
is added to consumers’ records. Already 750 people who had their
information bought by fraudsters from Choice Point have fallen victim to
identity theft. Although Choice Point has promised to help them correct
the problems they will incur, it will take these individuals, on average,
two years to clear their names. Even then, we have no guarantees
that all their future records will reflect that – and who knows the costs
they will incur along the way.
I
find the lax security and regulation of data brokers especially disturbing
because of the government reliance on them. One report put
the number of government agencies using data brokers at around 7,000 –
from local police stations to the Department of Justice with $67 million
in contracts with Choice Point in 2004 alone. Hundreds of millions
of dollars are flowing each year from the taxpayers’ pockets and into the
data broker’s banks. While I am troubled by the prospect that the
government agencies may be violating the spirit of the 1974 Privacy Act,
I am particularly concerned about the fact that they are turning to free-wheeling
contractors to get their information. If we are going to be using
taxpayers’ dollars to pay for these services, we need to make sure data
brokers are accountable when it comes to the security and the accuracy
of the data they are compiling. People’s very lives are at stake
and we do not need a Halliburton of the information industry or another
legal black hole through which contractors fall and from which they profit.
Again,
Chairman Stearns, I look forward to working with you and the other members
of our committee to do what we can to protect consumers. Thank you. |
|