"WE NEED TO BALANCE PROTECTING PERSONAL INFORMATION WITH ALLOWING ACCESS FOR LEGITIMATE BUSINESS AND LAW ENFORCEMENT PURPOSES"

Washington, Mar 15, 2005 - "We live in an age of information that carries both benefits and dangers - the security of that information can be compromised in a database, along the network pipeline, and at the final destination, or the point of sale - and this information may include where we live, how much we make, and what we buy, " stated Rep. Cliff Stearns (R-FL), Chairman of the Commerce, Trade & Consumer Protection Subcommittee. "Recent security breaches at two of the biggest and most sophisticated companies in the industry, ChoicePoint and LexisNexis, highlight the need for this examination of the effectiveness of current regulatory regimes."

Derek Smith, CEO of ChoicePoint, testified, "Based on information currently available, we estimate that data from approximately 145,000 consumers may have been accessed as a result of unauthorized access to our information products." Smith outlined changes made by ChoicePoint, "We have strengthened ChoicePoint's customer credentialing process and we are changing our products and services to many customer segments.  We are requiring additional due diligence such as bank references and site visits to small business applicants before allowing access to personally identifiable information."

Joseph Ansanelli, CEO of Vontu, a company that helps prevent the loss of consumer data, noted that, "in one year alone approximately 10 million people - or almost 5% of the U.S. adult population - were victims of Identity Theft."  He continued, "One possible solution to raise the level of consumer data protection is to extend existing industry specific consumer data protection requirements to cover any organization which stores private consumer data and create a preemptive and unified, National Consumer Data Security Standard."

Testifying for the Federal Trade Commission, Chairman Deborah Platt Majoras identified the information collected by brokers, how it is used, and some of the current laws that apply to data collectors. Majoras pointed out, "There is no single federal law that governs all uses or disclosures of consumer information."

Concluded Stearns; "There is clearly a need to consider a comprehensive federal consumer notification requirement when breaches occur, as well as a uniform national standard for securing personal information.  This is the 21st century and total anonymity is not realistic, but consumers have a legitimate expectation to privacy and the knowledge that their personal information is secure.  We need to look at balancing privacy with the legitimate need for access to this information for business and law enforcement purposes."