Congress moves to fight identity theft, but some ideas conflict

• Several U.S. senators pushed for new identity theft regulations on U.S. businesses, but a number of conflicting ideas were presented at a hearing yesterday, including a proposal requiring licensing of companies that sell personal data.
• Bill Nelson (D-Fla.), a co-sponsor of a wide-ranging ID theft bill.
• "Consumers are losing trust in our system of electronic commerce."
• A survey released Wednesday by the Cyber Security Industry Alliance advocacy group seemed to support Nelson's concern.
• Of 1,003 likely voters surveyed, 97% said identity theft is a serious problem.
• Forty-eight percent indicated that they avoid making purchases on the Internet because they are afraid their financial information may be stolen.
• Seventy-one percent of those surveyed said new laws are necessary to protect consumer privacy on the Internet.
• Beyond the 20-plus bills in Congress that deal with ID theft in some way, committee members came up with more ideas at the hearing.
• Conrad Burns (R-Mont.) suggested that all so-called data brokers -- businesses that sell personal data -- be licensed by the government.
• Data broker ChoicePoint Inc.'s disclosure in February that it had given data on 145,000 U.S. residents to ID thieves was the first in a series of large-scale data breaches this year (see story).
• "I'm coming down on the side of [saying that] anybody who collects information has to have a license to do so, or is outside the law and should be shut down," Burns said.
• "I think they need to have some reasonable license that gives them guidelines to do business in this arena."
• Some senators pushed for a national law that would require businesses that have data breaches to inform potential victims, but witnesses disagreed on what form such a law should take.
• William Sorrell, the attorney general of Vermont, urged the committee to pass a national data-breach notification law that wouldn't preempt tougher state laws.