Washington, D.C. - U.S. Senator Dianne Feinstein (D-Calif.), chairman of the Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security, issued the following statement about the President’s Identity Theft Task Force report released today: 

“I commend the President’s Identity Theft Task Force for taking a number of positive steps to protect Americans from identity theft.  As a result of the task force’s work, the government has improved training for U.S. and foreign law enforcement agencies, giving them the knowledge they need to better investigate identity theft crimes in the 21st Century. The task force also has encouraged federal agencies to eliminate the unnecessary use of Social Security numbers on documents and has made important efforts to educate the public on ways to protect their personal data. 

Progress has been made, but more must be done. As the Task Force itself recognizes, we need a comprehensive approach to make sure that Americans are quickly informed when their sensitive personal data falls into the wrong hands, and we must provide victims of identity theft with the tools they need to restore their good names.  

I introduced the Notification of Risk to Personal Data Act to ensure that consumers are notified when their personal information has been obtained without authorization.  It is important for Congress to take action and pass this legislation.  

I’ve also introduced the Social Security Misuse Prevention Act, which would protect individuals by prohibiting state and local agencies from displaying Social Security numbers on public records posted on the Internet and prohibit the federal government from printing these numbers on government checks. This legislation also would establish legally binding rules to prevent private companies as well as state and local governments, from displaying Social Security numbers on publicly available documents when it is not necessary to do so.    

Although not all data breaches lead to identity theft, the cost of stolen identities is enormous – estimated at more than $50 billion per year. Data breaches have helped fuel the vast online market in stolen identities. Credit card information is sold on the Internet for as little as 40 cents per account. A full identity – including a name, address, birth date, Social Security number and answers to “secret” security questions – can be bought for as little as $1.  

Every year millions of Americans fall victim to data breaches or identity theft. Congress must act now to ensure that Americans are informed when their sensitive personal data falls into the wrong hands.” 

The Notification of Risk to Personal Data Act: 

• Requires consumers to be notified when their personal information has been obtained in a breach and that they be given a toll-free phone number to call for more information. 
  
• Requires the media to be notified if the breach involves the data of more than 5,000 people.
  
• Requires that the company or agency that is the subject of the breach coordinate with credit-reporting agencies if more than 5,000 individuals need to be notified.
  
• Requires the Secret Service be notified if the database breached has information on more than 1 million people, is owned by the federal government or involves national security or law enforcement. 

The Social Security Number Misuse Prevention Act would: 

• Prohibit the sale or display of an individual’s Social Security number to the general public without the individual’s consent;
  
• Prohibit federal, state and local government agencies from displaying Social Security numbers on public records posted on the Internet or issued to the general public through electronic media or from printing them on government checks;
  
• Prevent the employment of inmates for tasks that would give them access to the Social Security numbers of other individuals;
  
• Provide some limitations on when a business can ask a customer for his or her Social Security number
  
• Require a study of the current uses of Social Security numbers and the impact on privacy and data security; and include both criminal and civil penalties. 

Full text of the report is here:  http://www.ftc.gov/os/2008/10/081021taskforcereport.pdf

###