Washington, DC – U.S. Senator Dianne Feinstein (D-Calif.) today announced that she will reintroduce a number of identity theft prevention measures and hold a hearing in her capacity as Chairman of the Subcommittee on Terrorism, Technology, and Homeland Security as soon as possible at the start of the 110th Congress. 

The University of California Los Angeles today notified approximately 800,000 students, faculty and staff members that their personal information has been compromised during a security breach of the university’s central campus database.

“The time has come to enable individuals to protect themselves from identity theft. But they can not protect themselves if they do not know that the privacy of their information has been violated. Therefore, as one of our first bills in the 110 th Congress, I will reintroduce the Data Breach Notification Act,” Senator Feinstein said.

“The security breach at UCLA appears to be the largest ever at an American university, but it is just the latest in a string of incidents that have exposed millions of Americans to the risk of identity theft. I commend UCLA for notifying those at risk, however, I believe notification should be required in all cases like this.  

“In addition, we must protect a person’s social security number from being displayed or sold without their knowledge. A person’s social security number is the key to their personal information, and we must do everything possible to keep identity thieves locked on the outside.”

Senator Feinstein plans to reintroduce both the Data Breach Notification Act and the Social Security Misuse Prevention Act in the 110th Congress.

Last year, Senator Feinstein’s data breach notification measure was included as part of a comprehensive data privacy bill that passed the Judiciary Committee on November 17, 2005, but did not get Senate floor action. The hearing in the new Congress will review that measure, as well as examine additional options for strengthening protections against identity theft.

The following is a summary of Senator Feinstein’s notification measure that passed the Judiciary Committee in the 109 th Congress:

• A federal agency or business entity must notify an individual of a security breach involving personal data without unreasonable delay following the discovery of the breach and any measures necessary to assess the security breach and prevent further disclosures;
• Notice may be delayed or exempted for law enforcement and national security reasons;
• Notice must be provided in writing, by telephone, or by email;
• Notices given must include a description of the personal data breached and a toll-free number to call for more information and the toll free numbers of the major credit reporting agencies; and
• Failure to provide notice will result in monetary penalties of $1,000/day/individual.

The Social Security Misuse Prevention Act would prohibit the sale or display of a person’s Social Security number to the general public without their knowledge or consent. It would also prohibit government agencies from displaying the numbers on public records posted on the Internet.