NCISS Federal Legislative Update

The NCISS Legislative Committee, through our retained government relations expert Larry Sabbath, has been holding talks with the Washington, DC staff of Senator Dianne Feinstein regarding proposed privacy legislation. One bill that she has proposed would appear to be acceptable to our profession if a few minor changes were made. However, another bill containing provisions similar to S. 228, which she has introduced in the past and plans to introduce soon, would not be acceptable. At the present time she appears to be leaning towards a bill which NCISS will have to fight unless she agrees to allow certain exceptions. Please take a few moments to review the senator's comments in her press release below. The National Council of Investigation and Security Services will continue to either defeat, amend or stall passage of this type of legislation. I would also like to take this opportunity to again thank the many members of our profession that met with their members of Congress, wrote letters, and contributed to the NCISS Legislative Fund, all of which efforts resulted in our victory in 2004 to defeat the Feinstein/Shaw legislation that would have closed our access to credit headers.

Bruce H. Hulme, Chairman, for the NCISS Investigations Legislative Committee

Washington, DC - U.S. Senator Dianne Feinstein (D-Calif.) has announced plans to introduce three bills in January 2005 to tackle the burgeoning problem of identity theft.

"Inadequate protection of Social Security numbers and other personal information has left American consumers at tremendous risk of identity theft," Senator Feinstein said. "With millions of Americans experiencing this invasive crime each year, it is past time that we address this problem. Theft of a Social Security number can be especially devastating, because that piece of information has become a de facto identifier in American society."

A September 2003 report released by the Federal Trade Commission (FTC) found that almost ten million people had been victimized by identity theft in the preceding year, resulting in losses of over $47 billion. Another FTC report found California to have the third-highest rate of identity theft per capita in 2003.
Senator Feinstein's package of bills would regulate the use of Social Security numbers by government agencies and private companies, set national standards for database security, and establish guidelines for companies that send their consumers' personal information overseas for processing.

Despite the widespread use of Social Security numbers, "no single federal law regulates the overall use or restricts the disclosure of Social Security numbers by governments," according to the General Accounting Office. As a result, the use of Social Security numbers is regulated by an inconsistent patchwork of State and Federal laws. Senator Feinstein's bill to regulate the use of Social Security numbers would:

a.. Prohibit the sale or display of Social Security numbers to the general public,
b.. Remove Social Security numbers from government checks and driver's licenses, and
c.. Require Social Security numbers to be taken off of public records published on the Internet.

After hearing several reports of hackers breaking into databases containing personal information, in June 2003 Senator Feinstein introduced the Notification of Risk to Personal Data Act, a bill modeled on California's database security law. The legislation, which she is reintroducing this year, would:

a.. Define as personal data an individual's Social Security number, driver's license number, state identification number, bank account number, or credit card number,
b.. Require a business or government entity to notify an individual when it appears that a hacker has obtained unencrypted personal data,
c.. Levy fines by the FTC of $5,000 per violation or up to $25,000 per day while the violation persists, and
d.. Allow California's privacy law to remain in effect, but preempt conflicting state laws.

"I strongly believe individuals have a right to be notified when their most sensitive information is compromised - because it is truly their information," added Senator Feinstein. "This is both a matter of principle and a practical measure to curb identity theft."

Another area of concern to Senator Feinstein is the lack of regulation governing personal data that is shipped overseas for processing. Tax returns for about 200,000 Americans were prepared in India in 2004. Senator Feinstein is working with Senator Bill Nelson (D-Fla.) to address the danger presented by outsourcing information.

Senator Feinstein is a longtime advocate for policies that protect the personal data of consumers. Last year, the Identity Theft Penalty Enhancement Act, sponsored by Senator Feinstein and developed in coordination with the Justice Department, became law. The Act imposes tougher penalties on identity thieves and makes it easier for prosecutors to target those identity thieves who steal for the purpose of committing the most serious crimes, including terrorism.