Federal lawmakers concerned with protecting consumer data from security breaches should model legislation on the provisions of an effective law on the books in California, Property Casualty Insurers Association of America (PCI) Senior Vice President, Government Affairs Carl Parks said Tuesday.
The Senate Judiciary Committee will address legislation authored by Sen. Diane Feinstein (D-Calif.) that closely models the California law in a hearing Wednesday morning.
“We understand consumer concern over identity theft and privacy,” Parks said. “Security breaches at ChoicePoint, LexisNexis, Bank of America and two major universities in recent weeks have spurred consumer demand for protection and prompted public policymakers to develop proposals to regulate the collection and use of such data. We urge lawmakers to strike a balance that preserves the important uses of such information while effectively protecting the privacy of the data. To us, the current California law seems the most practical approach.”
According to the Federal Trade Commission, identity theft topped consumer fraud complaints in 2004 for the fifth straight year.
While California is the only state to have enacted a security breach law, 28 other states are considering some form of personal information protection legislation. In general, most proposed security breach laws would require data collectors to notify consumers if there is a breach of personal information such as social security numbers, drivers license numbers, or account numbers.
PCI supports the existing California statute as well as S. 115, as introduced by Sen. Feinstein.
“It was the California language that forced ChoicePoint to notify state residents of the security breach and brought it to the public’s attention,” Parks said. “Adopting this language will give national uniformity and consistency to the monitoring of a very sensitive issue.”