'Perfect storm' for new privacy laws?

High-profile breaches at ChoicePoint, Bank of America and other data holders spur legislators to action.

A series of security break-ins is kick-starting a political drive to reshape federal laws that dictate how companies protect personal information--and what they have to do if that data leaks out.

What began with the leak of tens of thousands of records from data broker ChoicePoint earlier this month was quickly compounded by a series of rapid-fire incidents involving Bank of America, Science Applications International Corp., an online payroll services company and the T-Mobile Sidekick of hotel heiress Paris Hilton.

That avalanche of high-profile breaches in the last month has captured the attention of a growing number of U.S. senators, mainly Democrats, who have called for new laws as a response. Sen. Arlen Specter has pledged to convene hearings in his Judiciary committee, often an initial step in the legislative process. An aide to the Pennsylvania Republican said Monday that a hearing is being scheduled and is expected to be held soon.


What's new:
An avalanche of high-profile breaches in the last month has captured the attention of a growing number of U.S. lawmakers.

Bottom line:
Advocates hope it will spur greater regulation of the shadowy industry that creates digital dossiers on Americans.

More stories on data theft

"Ten days after the ChoicePoint breach of personal data involving between 145,000 and 500,000 people was revealed, today another breach of data was revealed, this time by loss," Sen. Dianne Feinstein, a California Democrat, said in response to Bank of America's admission that it had misplaced backup tapes containing 1.2 million customer records. "These two instances dramatize the need to take steps for the protection of an individual's personal data. The Congress needs to address it."

At the federal level, privacy laws tend to be created erratically, spurred by one well-publicized emotional anecdote after another. Congress approved the Video Privacy Protection Act in 1988 after a newspaper published Supreme Court nominee Robert Bork's video rental records. The murder of actress Rebecca Schaeffer, whose killer found her address through DMV records, led to the Drivers Privacy Protection Act.

Advocates of greater regulation are hoping the latest security breaches will be just as politically potent. "I don't think Congress can ignore what's happened," said Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington, D.C. "This may be the first mass disclosure of personal information that triggers congressional action."

For ChoicePoint and similar data aggregators, including Acxiom and Westlaw (a research service operated by Thomson West), the recent breaches could hardly come at a worse time. The start of a new congressional session often leaves politicians casting about for new issues, and a pair of recent books has cast a critical light on the typically shadowy industry that creates digital dossiers on Americans.

The price of ChoicePoint shares have plummeted about 15 percent, from a high of nearly $48 to around $40, since the scandal became public. Rival Acxiom's shares also have suffered, and a Westlaw "People-Find" service came under attack last week from Sen. Charles Schumer, Democrat of New York.

An "Exxon Valdez of privacy"?
"I don't think it's right to wait until there's an Exxon Valdez of privacy," Sen. Ron Wyden, a Democrat from Oregon, said nearly five years ago, back when Congress was more concerned with Web companies than data brokers. Now that kind of privacy disaster finally has arrived, at least according to congressional Democrats.

One possible response from Congress would be an attempt to extend an existing federal law, the Fair Credit Reporting Act (FCRA), which deals with credit-reporting agencies such as Equifax, to cover data-

Featured Video