Privacy protection: The government is no help

Does a day go by in which there are no stories about millions of confidential records stolen or lost?

Several sources indicate that the number of confidential client records stolen in the last few years is many tens of millions. Edentify, an identify theft prevention vendor, states that more than 32 million records from more than 70 vendors have been stolen in the first half of 2006 alone. They project over 78 million stolen U.S. identities by the end of the year.

The United States has a population of 298 million people, of which 85 percent are 19 or older. That works out to 235 million people with credit records and bank accounts to ruin. If Edentify's 78 million figure is even close to accurate, that means that 33 percent of America’s confidential information will be in the hands of thieves this year alone.

I’m sure some of you think Edentify’s figures are overstated and misleading, but they are calculated using publicly reported numbers; download a related identity theft chart created by Privacy Rights Clearinghouse, a nonprofit consumer organization, to see the data.

I'm inclined to believe them, myself, although I’m sure there is some data crossover -- I’ve been notified by three different vendors this year that my information has been stolen. But does anyone want to bet that the cross-reported figures would be more than offset by all the lost and stolen records that no one even knows about?

But, hey, cut the figure in half. Maybe only 32 million records will be stolen this year.

Is this a problem for anybody? Exactly what would it take for Congress to mandate real consumer protection? Because right now Congress is getting ready to sell consumers down the river.

As Gripe Line columnist Ed Foster recounted in his excellent report, there are several different data privacy acts under consideration in the House and Senate. I covered some of them last year; back when they were a jumbled and confusing set of proposals, none of which were written with the consumer in mind.

It’s gotten worse since then, and all of the bills under consideration now are even more bogus than before. Each seems to be personally written by the very businesses they are designed to regulate. Congress is becoming more ineffective, or worse, actively working to undermine current, stronger, state security laws.

If Washington cared about consumer security, it would pass a federal privacy law that protected every consumer and did not attempt to supersede stronger state laws. If Congress was concerned, any law passed to protect our computer security and privacy would:

* Mandate strong data protection for all confidential consumer data, whether held here or abroad (many U.S. corporations are storing consumer data overseas to avoid complying with the already existing weak U.S. laws);

* Mandate annual internal and external computer security reviews to ensure that consumer data is being protected;

* Mandate default encryption for all portable computers and media holding confidential consumer data;