WITNESSES EXPRESS SUPPORT FOR UNIFORM REQUIREMENT TO INFORM CONSUMERS OF SECURITY BREACHES

Washington, May 11, 2005 - "Through my hearings on identity theft and the security of consumer data, I see growing support for establishing a requirement of notifying consumers of security breaches involving their data," stated Rep. Cliff Stearns (R-FL), Chairman of the Commerce, Trade & Consumer Protection Subcommittee.  "We see almost daily reports of consumer data security breaches at data brokers, retailers, banks, universities, and the list goes on.  My focus is on first clearly identifying what is not working, but with each new breach, we are losing more valuable time in putting an end to inappropriate and illegal activities that erode consumer confidence in information-driven commerce and technology."

Explained Stearns, "We must ensure that existing federal law is not leaving open ways for certain entities to skirt the objectives of the laws governing this area, including the Fair Credit Reporting Act and Gramm-Leach-Bliley.  If we determine that existing law is inadequate, by gauging the scope of the problem and assessing the legal tools to attack it, we can develop the proper response."

In general, the witness expressed support for requiring consumer notification in cases of security breaches.  Jennifer Barrett, Chief Privacy Office, Acxiom Corp., stated:  Acxiom supports efforts to pass federal preemptive legislation requiring notice to consumers in the event of a security breach, where such breach places consumer at risk of identity theft or fraud."  Entrust is a world leader in securing digital identities and information.  Entrust's Vice President of Government Affairs, Daniel Burton, expressed support for considering "a uniform national breach notification policy for unauthorized access to encrypted personal information."

"These hearings indicate that we should consider a legislative response to identity theft and data security that includes a notification requirement," concluded Stearns.