With incidences of identity theft on the rise and a key piece of credit reporting legislation about to expire, federal lawmakers are ramping up efforts to pass new bills setting limits on use of people's financial data.
This week, members of the House and Senate introduced several bills touted as anti-identity theft measures, most containing provisions aimed at keeping credit report information out of the hands of criminals.
The proposals come as a section of the Fair Credit Reporting Act, which makes lenders and credit agencies exempt from state laws, is set to expire at the end of the year. Banks and credit reporting agencies have been pushing Congress to extend the exemption.
Consumer advocacy groups, meanwhile, say the federal government and states need to consider stricter measures to protect privacy and penalize companies that don't properly secure customer data, leaving it vulnerable to crackers.
"It's driving what essentially is compromise legislation," said Chris Hoofnagle, an attorney at the Electronic Privacy Information Center. He said he believes Congress will pass a bill extending the exemption from state regulation only if it also contains strong measures to curtail ID theft.
So far, banks and credit agencies have lined up in support of a bill introduced Thursday by Rep. Spencer Bachus (R-Ala.) and 32 backers that would amend the Fair Credit Reporting Act, but also extend the exemption from state regulation.
Fritz Elmendorf, a spokesman for the Consumer Bankers Association, said he was "excited" by the bill because it basically extends the status quo.
"It allows a national credit reporting system, which we think is important for efficiency," he said.
On the same day the Bachus bill was introduced, two other congressmen proposed related measures they said were intended to fight identity theft.
The Identity Theft and Deterrence Act, submitted by Rep. John Shadegg (R-Ariz.), restricts companies' abilities to collect Social Security numbers, creates a centralized reporting system for all credit agencies in cases of identity theft and prohibits merchants from printing full credit card numbers on receipts.
Another bill, introduced by Rep. Rahm Emanuel (D-Ill.), includes a measure to protect health-related information from identity thieves.
Much of the newly proposed legislation focuses on protecting information on the Internet and in computer databases. The Shadegg bill, for example, prohibits transmission of someone's Social Security number on the Internet without a secure connection or encryption.
Unrelated to the Credit Reporting Act debate, Sen. Dianne Feinstein (D-Calif.) introduced a bill modeled on a state law that forces companies to notify customers whenever crackers get access to Social Security numbers, credit cards or other sensitive information.
Ed Mierzwinski, consumer program director of the Public Interest Research Group, credited Congress for recognizing identity theft as a serious issue, but said current proposals don't go far enough in penalizing sloppy security practices. Mierzwinski said he would support harsher penalties for companies that leave customer data vulnerable to thieves and laws that would make it easier to sue credit reporting agencies.
"It's cheaper for businesses to issue credit to a bad guy and write off the losses and ruin some innocent victim's life than it is for them to do the job right the first time," he said. "It's because they don't pay the cost of identity theft. Victims do."
