Chairman Arlen Specter (R-PA) presided over a Senate Judiciary Committee hearing yesterday looking further into recent breaches of personal information at data brokers like ChoicePoint, LexisNexis, and Acxiom. The hearing served to deepen the sense in Washington that Congressional action to regulate data brokers and the commercial use of personal information is inevitable at this point. Indeed, Specter himself went so far as to comment that he believes that “there will be some very firm federal regulation coming out of this issue.”
Witnesses included executives from the aforementioned companies (who came under intense fire from lawmakers once again), as well as CDT’s Jim Dempsey (PDF) and representatives from the FBI and Secret Service.
During the hearing, Senator Charles Schumer (D-NY) described legislation (S. 768) that he has introduced with Senator Bill Nelson (D-FL) that would, among other things, require data merchants to register with the Federal Trade Commission (FTC), require safeguards and authentication procedures to prevent unauthorized access of information held by data merchants, require standards to insure the accuracy data held by data merchants, and require that consumers be allowed to access and correct errors in the information a data merchant holds regarding them.
Senator Diane Feinstein (D-CA), who has also introduced legislation this week (S. 751) that would create an expanded federal version of California’s data breach notification law, provided one of the more interesting moments of the hearing. At one point, she pressed the data brokerage company executives to disclose the number and timing of data breaches they had each suffered to demonstrate how crucial California’s data breach notification law has been in forcing data brokers and how they use personal information into to light, suggesting that were it not for the California law consumers may never have found out about the breaches.
For more information on the hearing, see today’s Washington Post article.