 | |
| |
TechnologyDaily Mobile
Security, Privacy Issues Top State Agendas
by Chloe Albanesius
As federal lawmakers repeatedly question leaders of data brokerages about information security in hearings on Capitol Hill, state legislatures are moving quickly to enact bills intended to restrict unauthorized access to identifying information.
State lawmakers are also reaching out to remedy other privacy-related debacles, examining identity theft, spyware and wireless phone-number databases.
States Look To California
Often the legislative trend-setter, California paved the way in 2002 with S.B. 1386, which requires companies doing business with California customers to notify those consumers if their information is accessed in an unauthorized manner.
The law took effect July 1, 2003, about two years before reports of data security breaches at companies like ChoicePoint and LexisNexis became weekly, if not almost daily, occurrences. The recent rash of security issues has prompted other states' lawmakers to examine California's law and adapt it to assist their own citizens.
Arkansas Gov. Mike Huckabee in March signed S.B. 1167, the Personal Information Privacy Act. It requires companies to notify residents of security breaches or computer thefts, and encourages businesses and state agencies to develop "reasonable" security policies if they handle sensitive information.
In Indiana, Gov. Mitch Daniels last month signed S.B. 503, which bans a state agency from making Social Security numbers available unless an individual gives that agency permission to do so, or if they are mandated by court order or a law like the 2001 anti-terrorism measure known as the USA PATRIOT Act.
Meanwhile, an Arizona bill, S.B. 1447, tries to blunt the growing problem of "phishing." It would ban the practice of setting up a Web page or sending an e-mail message that appeared to be from a legitimate business in an effort to dupe someone into providing identifying information. The measure would allow the attorney general or the company affected by the scam to bring civil charges against the offender. Gov. Janet Napolitano signed the measure April 18.
California state Sen. Debra Bowen, a Democrat, introduced S.B. 852, which would update the state's law to require notification of any security breach, not just those that occur on computers.
In terms of security, "it shouldn't matter whether the thief got unauthorized access to a computer system or a filing cabinet or it got mailed," Bowen said in the nation's capital at an April panel on data security hosted by the National Conference of State Legislatures.
The bill passed the Senate Appropriations Committee on Thursday with a vote of 7 to 3.
California lawmakers are also considering A.B. 1694, which would allow consumers to place a security freeze on their credit reports if they suspect they are a victim of identity theft. It is pending in the Banking, Finance and Insurance Committee.
Delaware taps California's notification law with H.B. 116. That bill would require data brokers to notify consumers of data breaches. It was sent to the House Judiciary Committee last month.
Both chambers in Florida approved H.B. 481, which increases penalties for stealing personal information and provides mandatory minimum prison terms. The House and Senate in Illinois also approved H.B. 1633, which would require breach notification, regardless of whether the information was accessed in a legal or illegal manner.
Meanwhile, lawmakers in at least a dozen states have moved to halt cell-phone fraud. In an effort to prevent cell phone numbers from ending up in the wrong hands and to guard against users wasting cell phone minutes fielding telemarketing calls, lawmakers introduced bills that would ban wireless providers from including numbers in a cell phone directory without customer permission.
The governors of Georgia, South Dakota and Washington have signed legislation that supports this idea, while states like Alabama, California, Connecticut, Maryland, Minnesota, New York, Ohio and Rhode Island are considering similar bills.
States Hone In On ID Theft
State data-security laws are intended to prevent identity theft, but a number of states are focusing on bills that would solely combat ID theft, or provide extra protections in the event of a crime.
Arizona's Napolitano signed S.B. 1017 last month, which provides the state's Administration Department with ID theft protection services. The Democratic governor also signed S.B. 1058, which bans someone from possessing the identity of another person and prohibits trafficking in the ID of another person.
Arkansas' Huckabee was busy once again, signing at least five ID theft related bills. They include H.B. 2094, which would prevent those convicted of ID theft from working with the developmentally challenged and H.B. 1740, which would provide victims of ID theft with an "identity theft passport" to present to financial and credit institutions that their IDs were stolen. Meanwhile, H.B. 2849 looks to protect military records filed with a county recorder from ID theft.
Maryland's H.B. 818, meanwhile, signed by Gov. Robert Ehrlich last month, would create a task force to study ID theft.
The governors of Iowa, Kansas, Montana, New Mexico, North Dakota, Utah and Virginia also have signed ID theft legislation this year.
States Combat 'Spyware'
"Spyware" continues to be a hot topic, with Washington becoming the latest state to enact legislation against the technology. Spyware is monitoring software that is installed on users' computers without their consent.
Utah revamped its spyware legislation, H.B. 104, after a legal battle with a pop-up advertising company, while the governors of Arizona and Arkansas also signed bills cracking down on the scam.
The company, WhenU.com, claimed that the original spyware bill infringed on its constitutional right to advertise, prompting a judge to freeze the Utah bill last year until the problem could be resolved. The bill sponsor eventually said he would revamp the state's spyware law to more carefully classify which pop-up ads should be defined as spyware.
Arkansas' Huckabee signed three measures, two of which, H.B. 2261 and H.B. 2344, make appropriations for anti-spyware technology monitoring. The third, H.B. 2904, is a basic anti-spyware bill, as is Arizona's H.B. 2414.
Spyware bills are still pending in Alabama, Alaska, Illinois, Indiana, Kansas, Massachusetts, Michigan, Missouri, Nebraska, New York, Oregon, Pennsylvania, Tennessee and West Virginia.
California, which already has an anti-spyware that went into effect on Jan. 1, is considering S.B. 92, which would allow a person, Internet service provider, the attorney general or the district attorney to bring charges against a spyware scammer.
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
