Wednesday, March 9, 2005

Lexis-Nexis security breach underscores need to rein-in loosely regulated information broker industry

Consumers Union calls on Congress to enact the Information Protection & Security Act

(WASHINGTON, D.C.) – Today’s announcement by LEXIS-NEXIS that a database recently purchased by the company with sensitive personal data has been compromised, underscores the need to enact new rules to impose strict security practices on the information broker industry. Consumers Union, the nonprofit publisher of Consumer Reports ® , is calling on Congress to pass the Information Practices & Security Act so that consumer data maintained by information brokers doesn’t fall into the hands of identity thieves.

“Another day, another security breach scandal,” said Gail Hillebrand, Senior Attorney for Consumers Union’s West Coast Office. “This latest incident involving LEXIS-NEXIS highlights how ChoicePoint is not the only information broker being targeted by identity thieves. Congress needs to act to ensure that information brokers maintain strict security and customer screening practices so consumers are protected from this serious identity theft threat.”

LEXIS-NEXIS announced today that personal information on as many as 32,000 people had been fraudulently accessed. Information accessed included names, addresses, Social Security numbers, and driver’s license numbers. The files were part of a database maintained by Seisint, which is owned by LEXIS-NEXIS.

The Information Protection and Security Act introduced by Senator Bill Nelson (S. 500) and Representative Ed Markey (H.R. 1080) will protect consumers in a number of important ways. The bill calls on the Federal Trade Commission (FTC) to enact strong rules that require information brokers to maintain and enforce strict security and customer screening procedures. In addition, the bill directs the FTC to promulgate rules that ensure that information brokers honor certain fair information practice principles such as providing individual access to personally identifiable information and individual rights to correct erroneous information.

Consumers Union also is supporting efforts in Congress and in state legislatures to enact laws requiring companies to notify all consumers whose information has been compromised as a result of a security breach. Currently, only California has such a requirement, which applies just to its state residents. And Consumers Union supports tougher protections for consumers who are notified of security breaches, such as the right to place a seven-year fraud alert on their credit files.

A copy of Consumers Union’s letter in support of the Information Protection and Security Act can be found at: http://www.consumersunion.org/pub/core_financial_services/002028.html
More information about Consumers Union’s efforts to combat identity theft is available at www.FinancialPrivacyNow.org

FOR MORE INFORMATION:
Gail Hillebrand: 415-431-6747
Susanna Montezemolo: 202-462-6262