Corzine Announces Sweeping Identity Theft Bill

March 2005

Senator Jon Corzine (D-NJ) has announced sweeping legislation designed to prevent future identity theft incidents and provide consumer protections to victims of identity theft or other losses of identity and account information.

 

"Make no mistake about it, identity theft poses a very real threat to our economy — and it is on the rise," Senator Corzine said. "[...] With so many instances of fraudsters seeking to abuse an individual's good name, it is clear that more must be done to prevent the proliferation of identity theft."

 

The Identity Theft Prevention and Victim Recovery Act was unveiled during Senate Banking Committee hearings on identity theft, the first in a series of congressional hearings prompted by a string of large-scale compromises of personal consumer data. One of the most notable was Bank of America's loss of computer data tapes containing Social Security numbers, account data, and other personal information for an estimated 1.2 million federal employees, including 60 members of the U.S. Senate. In another high-profile breach, identity thieves established bogus business accounts with data broker ChoicePoint, then used them to obtain access to hundreds of thousands of consumers' personal and financial information.

 

Senator Corzine's proposed legislation requires financial institutions and other commercial entities — including third-party data brokers such as ChoicePoint — to establish security systems that effectively safeguard the sensitive personal information in their care. Under a provision patterned after U.S. securities regulations, the company's Chief Compliance Officer or its CEO would be required to "personally attest that these safeguards are in place and that the firm has an ongoing system of monitoring its compliance with federal guidelines."

 

The Corzine bill also addresses victim notification and recovery efforts by requiring firms to notify affected customers, credit reporting agencies, and law enforcement promptly of any breach or loss of sensitive customer information — though it allows for an appropriate delay if required by law enforcement. It also requires that fraud alerts be placed in the credit files of possible identity theft victims.

In some respects, the proposed legislation echoes an amendment proposed by Corzine to the Fair Credit Reporting Act (FCRA) reauthorization bill — an amendment that was ultimately dropped in the face of opposition from the financial services industry and federal regulators.

The new legislation also includes provisions establishing regulatory oversight for third-party data collectors, and allows for civil action by state attorneys general and individual consumers for violations that result in identity theft.

"American families deserve a full accounting of how financial institutions are securing their personal financial information," Senator Corzine said. "It is not enough to encourage Americans to shred their documents. The institutions that store this information on tape drives and computer databases must be just as vigilant."