Spitzer turns fire on ID theft as DSW data breach deepens
19 April 2005 | 8131 views | 0
New York Attorney General Eliot Spitzer has proposed a legislative package aimed at strengthening law enforcement and ensuring disclosure to consumers of security breaches affecting personal financial information.
The ID theft measures are aimed at giving consumers better control over the dissemination of personal information, strengthening government’s ability to prosecute crimes leading to identity theft and increasing penalties for such crimes.
Says Spitzer: "New York State must enact reforms to strengthen consumers’ ability to control personal information and to facilitate the prosecution of identity theft crimes."
In February, the Federal Identity Theft Data Clearinghouse reported that 38% of all fraud claims in 2004 related to identity theft, and New York State ranked seventh in the nation in per-capita identity theft reports.
The issue has risen up the national policy agenda following a spate of high profile security breaches at US banks, retailers and information brokers in the past couple of months. Publicity surrounding security gaffes has increased since the passage of legislation in California forcing data holders to disclose incidences of theft.
In the most recent case, DSW Shoe Warehouse says thieves who accessed the firm's database obtained 1.4 million credit card numbers and the names on those accounts - 10 times more than the company estimated last month. Two major information brokerage companies, ChoicePoint, and LexisNexis have also admitted that data files of over 455,000 consumers were breached, while approximately 180,000 GM Mastercard holders will soon receive notification that someone might have stolen their personal information in a data break-in at Polo Ralph Lauren Inc.
Spitzer’s legislative proposals would establish statewide personal information opt-out lists and allow consumers to institute a 'security freeze' on credit files. Information brokers would also be required to inform consumers of any legitimate disclosure of their data and notify them of potential security breaches.