[Dataloss] The Anti-ID-Theft Bill That Isn't
lyger
lyger at attrition.org
Thu Apr 20 10:14:51 EDT 2006
http://www.wired.com/news/columns/0,70690-0.html
By Bruce Schneier
02:00 AM Apr, 20, 2006
California was the first state to pass a law requiring companies that keep
personal data to disclose when that data is lost or stolen. Since then,
many states have followed suit. Now Congress is debating federal
legislation that would do the same thing nationwide.
Except that it won't do the same thing: The federal bill has become so
watered down that it won't be very effective. I would still be in favor of
it -- a poor federal law is better than none -- if it didn't also pre-empt
more-effective state laws, which makes it a net loss.
Identity theft is the fastest-growing area of crime. It's badly named --
your identity is the one thing that cannot be stolen -- and is better
thought of as fraud by impersonation. A criminal collects enough personal
information about you to be able to impersonate you to banks, credit card
companies, brokerage houses, etc. Posing as you, he steals your money, or
takes a destructive joyride on your good credit.
Many companies keep large databases of personal data that is useful to
these fraudsters. But because the companies don't shoulder the cost of the
fraud, they're not economically motivated to secure those databases very
well. In fact, if your personal data is stolen from their databases, they
would much rather not even tell you: Why deal with the bad publicity?
[...]
More information about the Dataloss
mailing list