"... CDT and other groups are calling for national reforms to replace what they see as an outmoded federal regulatory regime. Currently, the Privacy Act of 1974 places limits on the exposure and management of records in government databases. And some companies that handle personal data, such as credit-reporting firms, are subject to various consumer-protection statutes, including safeguards for data-quality and confidentiality.
But Sohn said existing laws miss new security and privacy threats posed by the "revolution in data technology, in terms of the ability to gather, store and manipulate large quantities of data."
Reform advocates say consumer protections should not only keep people informed when data-security is breached, but also afford greater control over personal records before and after violations occur.
Groups like CDT say federal laws should explicitly guarantee consumers’ right to know what data is gathered about them, and the power to "freeze" credit reports to preempt fraud and misuse. As a preventative measure, they say, companies should be required to implement policies for securely storing and using data, backed with potential civil penalties for non-compliant firms.
Fundamentally, critics argue that the most effective way to combat identity theft is to minimize the amount of data available for stealing.
Some of the groups’ proposed reforms would nationalize consumer-protections already in place on the state level. They would also expand disclosure and transparency in the relatively unregulated "data-broker" industry – companies that cull and sell consumer information for marketing and other purposes.
Fundamentally, privacy and consumer groups say the most effective way to combat identity theft is to minimize the amount of data available for stealing. Groups such as the Electronic Privacy Information Center (EPIC), for example, support strict limits on the use of social-security numbers as an identifier.
EPIC Executive Director Marc Rotenberg said fraud could also be deterred through laws that "make [companies] liable when harm results from the misuse of the data they collect." Forcing information-hoarding institutions to foot the cost of potential mishaps, he said, would be a built-in security check, as they would "internalize the real cost of collecting and using personal information." ..."