Monday, August 22, 2005


Data-protection turf war pleases lobbyists
From the NCISS Legislative Committee

August 17, 2005

Data-protection turf war pleases lobbyists By Elana Schor, The HillThe many data-security bills wending their way around the Hill are sparking a turf war in the Senate but relief on K Street, where lobbyists in several industries welcome the crush of options as a much-needed drag on momentum.While acknowledging the need to regulate trade in consumers' personal information to prevent identity theft, lobbyists say the universe of companies potentially affected by new data-security standards presents challenges that lawmakers have yet to address fully. By next month, two more congressional committees are likely to join the four already working on the issue.''It's difficult to even define an industry here because you have so many different kinds of companies who have suffered breaches - data providers, banks, credit-card providers. It's difficult to decide who would have jurisdiction,'' said Abby Stewart, a lobbyist at Jefferson Consulting Group, which represents one of the businesses that recently has endured the public-relations nightmare of a personal-data breach.

The Senate Commerce Committee cleared the first hurdle just before the August recess, unanimously approving an anti-ID-theft bill that prevents the trading of Social Security numbers without their owners' consent and allows easy freezing of consumer-credit reports. But banking lobbyists, and Senate Banking Committee Chairman Richard Shelby (R-Ala.), were displeased with Commerce's quick movement."The Fair Credit Reporting Act is a Banking Committee issue, and Senate Commerce just ripped it out and put it in their bill," said one banking lobbyist who asked not to be identified. "his is the problem with all the bills; it's a huge jurisdictional fight."Bob Davis, top lobbyist for America's Community Bankers, sent a letter to Commerce Chairman Ted Stevens (R-Alaska) and ranking member Daniel Inouye (D-Hawaii) urging them to withhold support for the bill over two provisions: credit freezing, which banks fear could inadvertently discourage consumers from signing up for new credit cards, and permitting state attorneys general to sue nationally regulated banks for noncompliance. Stevens and Inouye nonetheless endorsed the bill, which was introduced by Sens. Bill Nelson (D-Fla.) and Gordon Smith (R-Ore.).

Stewart echoed the banking lobbyist's sentiment when discussing the Senate Judiciary Committee, which postponed consideration of three separate data-security bills until the end of recess. "It's an intriguing concept that they would have jurisdiction at all," she said.The lead Senate Judiciary bill, sponsored by Chairman Arlen Specter (R-Pa.) and ranking member Patrick Leahy (D-Vt.), attracts criticism from lobbyists because it could let states wriggle free from some aspects of new national data-security rules. Another Judiciary bill, written by Sen. Dianne Feinstein (D-Calif.), has a crucial cheerleader in ChoicePoint, the data broker that disclosed the first of this year's high-profile security breaches."We'd like to see a vehicle like that get through," said David Davis, vice president of government affairs at ChoicePoint, referring to Feinstein's bill. The company supports Feinstein's language about the definition of "real harm" posed to consumers, sometimes call the "California standard," which would trigger automatic notification of an ID-theft risk.Davis praised Stevens's promise to hold up floor consideration of the Senate Commerce bill until chairmen can resolve their jurisdictional clashes but noted the realities of a legislative clock ticking down into fall. "If all the stars were aligned, and Banking and Judiciary stepped back, then you would still have the House," he said.

ChoicePoint is one of only a few stakeholders actively pushing for a bill to pass this year. Most other lobbyists were not discouraged by the likelihood that Congress's crammed calendar would make consensus on data security unreachable before 2006.So far only the House Financial Services Committee has tackled the question of who pays for consumer notification after a security breach, one of the most pressing priorities for banks and credit-card issuers. That committee's bill, introduced by Reps. Deborah Pryce (R-Ohio) and Mike Castle (R-Del.), requires the company responsible for the information exposure to foot the bill for "reasonable and actual costs."One financial-services lobbyist said an accountability vacuum in the aftermath of a large-scale data compromise could be hazardous. "If there is a fear of liability, about what happened and who's paying, the flow of information gets severely restricted."Giving too many concessions to banks and credit cards could alienate data brokers such as ChoicePoint and Lexis-Nexis, which was hacked by ID thieves in March in a breach the company first projected as one-tenth of its actual size.
In addition to requiring responsible companies to pay for notification, some lobbyists would like to see banks get reimbursed for the new creditcards that often must be issued after a breach.In the House, the Energy and Commerce and Judiciary committees remain in the process of drafting their data-security bills. The former version will likely give blanket enforcement power to the Federal Trade Commission, an annoyance to banks that want their financial regulators to take on data-security duties to avoid creating new bureaucracy.

Yet another player in the game is the private-investigation community, which has formed a lobbying coalition and embarked on a vigorous publicity push to remind lawmakers that access to Social Security numbers does not solely affect public law enforcement.Lawrence Sabbath, who lobbies for the National Council of Investigation & Security Services (NCISS), said the substitute amendment in Stevens's committee ironically could keep private eyes from tracking down the same fraudsters who perpetrate ID thefts. "They recognize that there are potential problems," Sabbath said. "There is some indication that that [Social Security] provision may not remain in the bill."
Submitted by Bruce Hulme, Chairman, for the NCISS Legislative Committee.

Professional investigators wishing to support the medial/PR/legislative efforts of the National Council of Investigation & Security Services and to protect investigators' continued access to SSN, DOB, DLN and personal information from restrictive federal legislation in Washington may send contributions to the NCISS Legislative Fund at 7801 Sparrows Point Blvd., Baltimore, MD 21219.

Information about NCISS may be obtained by calling 1-800-445-8408 or going to*

For Important PI News via email, sign up for
LPDAM-eNews Bulletins
The online e-news service of the Licensed Private Detectives Association of Massachusetts
No Spam, No Chat, Just news for Professional Investigators