Congress Must Deal With ID Theft

An article in Wired is so sensible that I fear its suggestions have no chance of being adopted. :-(

On Thursday, the Senate Committee on Commerce, Science and Transportation will hold a hearing on identity theft with members of the Federal Trade Commission. The purpose is to gather information to determine whether more federal legislation is necessary to protect consumers from identity theft.

We'd like to save the Senate some time and tell them the answer is yes...

Recent high-profile data security problems at companies like ChoicePoint, LexisNexis, Bank of America and Citibank make it clear that companies are doing little to protect sensitive data, despite assurances years ago that voluntary industry guidelines they established would pre-empt the need for government regulation.

Realizing that self-regulation isn't going to work anymore, several lawmakers have proposed piecemeal solutions to address the problem of identity theft. But many of them don't go far enough.

Following are the fixes we think Congress should make:
Require businesses to secure data and levy fines against those who don't...
Require companies to encrypt all sensitive customer data...
Keep the plan simple and provide authority and funds to the FTC to ensure legislation is enforced...
Keep Social Security numbers for [only] Social Security...
Force credit agencies to scrutinize credit-card applications and verify the identity of credit-card applicants...
Extend fraud alerts beyond 90 days...
Allow individuals to freeze their credit records so that no one can access the records without the individuals' approval...
Require opt-in rather than opt-out permission before companies can share or sell data...
Require companies to notify consumers of any privacy breaches, without preventing states from enacting even tougher local laws...