Every four seconds in America, another person falls victim to identity theft. It can happen in any number of ways: a wallet is stolen, a credit card slip is fished from the trash or a corporate, academic or government database containing personal financial information is breached.
Jennifer DePreist, a 29-year-old lawyer living in Oakland when she was victimized, described the anxiety and frustration that she and so many others have felt:

"The last two months have been a nightmare ... despite the fact that my thief was arrested a week and a half ago. I am still fighting to clear my name, and I still dread opening my mailbox or answering the phone. I am told that it will take years before I clear my credit reports of fraudulent inquiries and bounced check notices."

This is happening all across the country. In 2005, 8.9 million Americans were victimized, at a $57 billion cost. The cost will keep climbing unless Congress takes swift, strong action.

A major part of the problem is that our most personal information is not safe in large databases. Most people don't know how accessible it is. They don't know that their Social Security numbers, driver's licenses, telephone records, telephone logs, and medical records are bought and sold in the black market and on the Internet. They don't know that when they open a credit card, get a home loan, or buy a car, all that information is collected and collated in massive databases.

And when material from these databases is lost or stolen, consumers face a major risk of identity fraud. This risk is compounded when those consumers do not even know that the breach has occurred.

There were more than 115 major database breaches last year, leaving more than 52 million Americans open to identity fraud and worse. One of the most glaring was ChoicePoint — a case that resulted in the theft of the personal information of 145,000 Americans. But the problem is growing as wave after wave of data breaches have surfaced.

Some of the most recent include:

  • A laptop computer containing Social Security numbers and bank account information was stolen from the Boeing Company in November, putting some 161,000 employees at risk.
  • Marriott International, the hotel chain owner, lost a back-up computer tape containing the personal information of 206,000 customers in December.
  • The Boston Globe and Worcester Telegram & Gazette just last month accidentally distributed as many as 240,000 subscribers' credit and bank card numbers to the doorsteps of Boston area residents and businesses.

Companies have got to do a better job of protecting consumers' personal information. And consumers must be armed with the information they need to protect themselves.

That's why it is so important to develop a strong national standard that says whenever a data system is breached, everyone at risk of identity theft, or at risk of personal harm, must be notified. This way, consumers can have the information they need to protect themselves.

California already has a law requiring notification of individuals in the event of a data breach. Individuals across the country deserve to be notified of data breaches as well. That is the point of legislation I introduced to require a business or government entity to notify an individual in writing or e-mail when it is believed that personal information — such as a Social Security number, driver's license, state identification number, or credit card or bank account information — has been compromised.

This bill was incorporated into a larger data privacy bill that I sponsored with Senators Arlen Specter, Patrick Leahy, and Russ Feingold, which was approved by the Senate Judiciary Committee in November. We have written Senate Majority Leader Bill Frist to get a commitment to bring the bill to the floor, but have not gotten a response.

Not only does this bill force companies, academic institutions, and government agencies to notify those whose information has been compromised, but it also:

  • provides important assistance to victims, including allowing individuals to put a seven-year fraud alert on their credit report;
  • lays out specific requirements for what must be included in notices to those at risk, including a description of the data that may have been compromised, a toll-free number people can call to learn what information and which individuals have been put at risk, and the numbers and addresses for three major credit reporting agencies.
  • And it provides tougher civil penalties — $1,000 per individual the offending institution fails to notify up to a maximum of $50,000 per day while the failure to notify continues.

Congressional action is long overdue. Americans must be told when their most personal financial information is at risk of being used by identity thieves.

You can't tell the true impact of identity theft by looking at the numbers. You see it in the stories of the victims. Let's bring this bill to the Senate floor. The American people deserve it.