Measure proposed to protect identity theft victims
With identity theft an increasingly rampant problem, some lawmakers are trying to force businesses and agencies to report all suspected thefts of personal information.
Legislation in the House and Senate would require any organization that holds personal identification information to notify customers if it believes there has been a security breach in its systems.
“It’s a big problem,” said Nora Rifon, an associate professor of advertising at MSU.
Rifon, who conducted an online privacy study in 2004, said identity theft is the nation’s fastest growing crime and there is insufficient technology to protect consumers.
“Identity theft is ever increasing and it’s just going to happen,” Rifon said.
Rep. Steve Bieda, D-Warren, the sponsor of the House legislation, said identity theft has long-term consequences for victims.
“It’s the technological equivalent of Ft. Knox,” Bieda said. “In the wrong hands, it’s dangerous.”
According to the Identity Theft Resource Center, a national nonprofit organization in San Diego, almost 10 million Americans are victims of identity theft every year, with a total loss of $50 billion.
In February, ChoicePoint, one of the nation’s largest collectors of personal information, had its systems hacked into and the social security numbers and birth dates of 145,000 people stolen. That same month, Bank of America announced it had lost the personal information of 1.2 million federal employees, including members of the U.S. Senate. On April 12, LexisNexis reported that the personal information of 310,000 people nationwide might have been stolen.
Megan Owens of the Public Interest Research Group in Michigan, said the only reason the public is finding out about instances of theft is because many of the companies are located in California where state law requires them to notify victims.
“It helps ensure that if your personal information is stolen, you at least have the right to know,” Owens said. “People in Michigan shouldn’t have to rely on another state’s law to force companies to do the right thing.”
Owens said something should be done to stop companies from collecting so much personal data.
“Most people would be amazed to know how many companies collect data on them.”
Most companies would not be happy with this legislation, according to Owens.
“It’s a great concern for customers to put the decision to notify them in the hands of companies who don’t want to.”
Todd Willoughby, vice president of communications for the Michigan Banking Association, said the banking industry supports the proposal because it’s a step in the right direction to maintain the integrity of customers’ data.
“We have no defense,” Willoughby said. “We can only educate our customers.”
However, European banks maintain a stronger defense to the theft of personal information. For customers to gain access to many U.S. banks, only a user name and password are required.
In Europe, many banks require a PIN number, birth date and randomly selected characteristic from a password to access their account. BN