Several U.S. senators pushed for new identity theft regulations on U.S. businesses, but a number of conflicting ideas were presented at a hearing yesterday, including a proposal requiring licensing of companies that sell personal data.
Bill Nelson (D-Fla.), a co-sponsor of a wide-ranging ID theft bill.
"Consumers are losing trust in our system of electronic commerce."
A survey released Wednesday by the Cyber Security Industry Alliance advocacy group seemed to support Nelson's concern.
Of 1,003 likely voters surveyed, 97% said identity theft is a serious problem.
Forty-eight percent indicated that they avoid making purchases on the Internet because they are afraid their financial information may be stolen.
Seventy-one percent of those surveyed said new laws are necessary to protect consumer privacy on the Internet.
Beyond the 20-plus bills in Congress that deal with ID theft in some way, committee members came up with more ideas at the hearing.
Conrad Burns (R-Mont.) suggested that all so-called data brokers -- businesses that sell personal data -- be licensed by the government.
Data broker ChoicePoint Inc.'s disclosure in February that it had given data on 145,000 U.S. residents to ID thieves was the first in a series of large-scale data breaches this year (see story).
"I'm coming down on the side of [saying that] anybody who collects information has to have a license to do so, or is outside the law and should be shut down," Burns said.
"I think they need to have some reasonable license that gives them guidelines to do business in this arena."
Some senators pushed for a national law that would require businesses that have data breaches to inform potential victims, but witnesses disagreed on what form such a law should take.
William Sorrell, the attorney general of Vermont, urged the committee to pass a national data-breach notification law that wouldn't preempt tougher state laws.