During a conference call New York State Senator Charles Schumer presented legislation that he hopes will better inform consumers who have been victim of identity theft, as well as create requirements for companies who may withhold information from those victims.
'It's a problem affecting New Yorkers and Americans and every year thousands of upstate New Yorkers have their identity stolen by criminals out to make a quick buck,' Schumer said. 'Some of these criminals are going to extreme lengths to get your personal information, but they don't always have to.'
The Personal Data Privacy and Security Act, according to Schumer, will target this growing problem by increasing penalties for stealing IDs, requiring firms that experience a security breach involving personal data to notify consumers and the police in a standard fashion, and require companies to enact stricter procedures to keep Americans' identities safe.
'In today's information age our personal information is more valuable than ever. Even high profile companies where consumers shop every day are at risk,' he said. 'Last week a man named Albert Gonzalez plead guilty to stealing more than 40 million credit card numbers by hacking into the wireless networks of companies like Barnes and Noble and T.J. Maxx.'
Gonzalez, who went from credit card fraud criminal to Secret Service informant and then back to being federally prosecuted again, is facing a lawsuit in what could possibly be the single largest and most complicated identity theft crime in the United States after he and 10 other men breached major companies such as BJ's Wholesale Club, Boston Market, Forever 21, OfficeMax, Sports Authority, DSW, and TJ Maxx.
Many people do not realize how easy it is for a criminal to obtain an individual's personal data, Schumer said, and with the emergence of Internet use that risk is becoming greater.
'Last year alone identity theft in upstate New York rose by almost 25 percent - 270,000 cases in 2008 compared to 220,000 in 2007. It cost consumers $1.3 billion. That's a staggering amount,' he said. 'Unfortunately it's the victims who are often on the hook for the criminals actions. People suffer large out-of-pocket financial losses as well as losses associated with restoring your reputation in the community and correcting inaccurate information. The problem is getting worse and worse because as people turn to the Internet to pay their bills and make monetary transactions criminals have found it is easier than ever to obtain identifiable data such as passwords, social security numbers and banking information through unsolicited e-mails that trick consumers into revealing this type of information.'
Under the Personal Data Privacy and Security Act the following requirements would have to be met:
- Increased criminal penalties for identity theft involving electronic personal data and making it a crime to intentionally or willfully conceal a security breach involving personal data.
- Give individuals access to, and the opportunity to correct, any personal information held by commercial data brokers.
Require entities that maintain personal data to establish internal policies that protect the personal data of Americans.
The program must be designed to ensure security and confidentiality of personal records, protect against anticipated threats and hazards to the security and integrity of personal electronic records, protect against unauthorized access and use of personal records, and ensure proper back-up storage and disposal of personally identifiable information.
The requirements for the data security program are modeled after those established by the Office of the Comptroller of the Currency for financial institutions in its Interagency Guidelines Establishing Standards for Safeguarding Customer Information.
The act would also require entities that maintain personal data to give notice to individuals and law enforcement when they experience a breach involving sensitive personal data, as well as requiring the government to establish rules protecting privacy and security when it uses information from commercial data brokers, to conduct audits of government contracts with data brokers and impose penalties on government contractors that fail to meet data privacy and security requirements.
Under the act an Office of Federal Identity Protection within the Federal Trade Commission would be established as well.
'Identity theft is a scourge on hard-working Americans, and it is a problem that is getting worse,' said Schumer. 'We must do everything in our power to make sure that criminals are not draining our bank accounts through the back door, and that companies are protecting private data in the most aggressive way possible'