ORLANDO, FL – Legislation that would require companies to promptly notify individuals whose information has been compromised by a data breach likely will be introduced when the 110th Congress convenes in January.
Jerry Cerasale, senior vice president of government affairs for the Direct Marketing Association, made this comment while speaking at the 2006 National Center for Database Marketing Conference here.
“Senator Harry Reid [D-NV] becomes the majority leader … and he has said he wants to have a security data breach bill passed in the first session of the 110th Congress, so I do expect some movement there next year,” he said. “There was a lot of movement in the last Congress, but it didn’t quite make it.”
Mr. Cerasale said the DMA supports such a bill “because a federal bill is better than having to comply with all of the state bills.” The type of data covered should include name, contact information such as mailing address or e-mail address, plus Social Security number, a driver’s license number or financial account number.
“We think those are the things that lead to identity theft,” he said. “You have to look at identity theft in two ways: I steal your identity by taking your information, and then there is a second crime – to make it work I go to a marketer and try to get something for nothing. The identity theft can be stopped at the marketer’s level if and only if the marketer has more information than the fraudster so they can check [to ensure they have the best possible information about the consumer].”
Mr. Cerasale also told session attendees to think about the kinds of information that legislators are considering when they draw up bills.
“Don’t just think about the information you have on your customer base or your prospects,” he said. “Think about the data you have on your employees.”