Relief from the ID thief: lawmakers continue to battle the growing crime of identity theft.

• Author: Morton, Heather

The number of consumers whose personal information, including Social Security numbers, driver's licenses and credit card numbers, has been exposed to potential identity theft is staggering. Hackers gained information on 1.4 million consumers from Discount Shoe Warehouse, for example. Bank of America back-up tapes containing information on 1.2 million government workers have been lost. Other large companies--including Ameritrade, CardSystems and Motorola-have also suffered security breaches.

Businesses are not the only ones having trouble keeping their databases safe. Information on more than 100,000 University of California students and applicants was stolen, and 33,000 Air Force officers and some enlisted personnel were notified that their online Assignment Management System was hacked. Even the Federal Deposit Insurance Corporation in 2003 disclosed that information regarding roughly 6,000 current and former employees was breached.

Consumers are justifiably concerned. Results from a May 200S Gartner survey revealed that one third of the 5,000 people contacted are "very concerned" about being victimized by identity theft, causing nearly half to curtail their online activities. A smaller survey of likely voters released by the Cyber Security Industry Alliance, an industry group, had similar results. According to that survey, 71 percent of voters believe new laws are needed to protect consumer privacy on the Internet.

Responding to constituent concerns, legislators have increased penalties, made it easier for victims to report identity theft, and limited the availability of personal information. State lawmakers also have created new solutions such as security breach notifications, consumer report security freezes and identity theft passports. Despite these measures the crime continues to grow.

PUBLIC NOTIFICATION

The practice of letting the public know about the breaches in database security is due in part to California's 2002 Notice of Security Breach law. This law, sponsored by Senator S. Joseph Simitian, requires that California residents be notified when unencrypted computerized data that include personal information maintained by a business or a state agency may have been acquired by an unauthorized person.

"It is a simple law that we hope will do four things: give every California resident the protection of notice, improve data security around the state and nation, spread awareness to other states and get the federal government...