Carper-Bennett Bill Protects Consumers From Identity Theft

Legislation Applies to Financial Institutions and Government Agencies

Sen. Tom Carper (D-Del.) joined fellow Senate Banking Committee member Bob Bennett, R-Utah, today to introduce legislation that helps protect consumers and businesses from identity theft and account fraud.

The Data Security Act of 2007 requires entities to safeguard sensitive information, and notify consumers of a security breach that could lead to identity theft and cause serious harm.

This Carper-Bennett bill requires such institutions as financial establishments, retailers and federal agencies – safeguard sensitive information, investigate security breaches, and notify consumers when there is a substantial risk of identity theft or account fraud. That means retailers who take credit card information are now covered; data brokers who compile private information are covered; and government agencies that possess nonpublic personal information are also covered.

"It seems nearly every day there is a report of a security breach at a government agency or at a financial institution that puts millions of Americans at risk for identity theft," said Sen. Carper. "Identity theft remains a very real threat for many Americans."

"There is no doubt that the Information Age has increased the quality of life for Americans, and helped U.S. businesses improve productivity and efficiency to better serve their customers. Unfortunately, with these benefits come new challenges," said Bennett. "Criminals are also putting technology to work and will exploit any weak link in the cyber world, exposing more people to identity theft and financial account fraud."

The Data Security Act of 2007 is modeled after the data security and breach-response regime established under the Gramm-Leach-Bliley Act of 1999, and subsequent regulations.

Today, more than 30 states have enacted security breach notification laws. Although some state laws are similar, many have inconsistent and conflicting standards, forcing businesses to comply with multiple regulations, and leaving many consumers without proper recourse and protections.

"At the very least, identity fraud can cause worry and confusion, and at the very most it can cause serious financial harm," Sen. Carper said. "We need to replace the patchwork of state and federal regulations for identity theft with a national law that provides uniform protections across the country."

"The legislation Sen. Carper and I reintroduced today requires protection of information that can be used to commit these crimes regardless of where the information is held. In the unfortunate event of a security breach, our bill requires the creation of a uniform process for minimizing and mitigating the harm to businesses and consumers," said Bennett.

The bill builds on existing law to better ensure federal and state regulators comply with the law and to make sure that data security procedures are uniformly applied. Regulators of entities who do not comply would have the authority to levy finds, require corrective measures or even bar individuals from working in their respective industries.