Government - CIOInsight
Pressure Increases, but CIOs Still Struggle to Stop Identity Theft



By Jeffrey Rothfeder



Data theft laws are gaining traction on Capitol Hill. But will the upcoming legislation do any good?


Pressure Increases, but CIOs Still Struggle to Stop Identity Theft - ' Consumer Protection '


( Page 6 of 6 )


Over the past three decades, Congress has passed a patchwork of laws designed to protect—or invade—privacy. The results have been decidedly mixed, as the ongoing problems with lost or incorrect data and increased identity theft demonstrate.

1970: Fair Credit Reporting Act

What it does: Allows consumers to view their credit reports and correct mistakes; limits access to consumer files to lenders, employers, landlords and anyone with a permissible business purpose.

What precipitated it: An avalanche of consumer complaints about inaccurate credit reports that had hindered their ability to obtain loans, buy a house, or even get a job, with no recourse to fix errors.

Comment: A notable first step to reining in the credit bureaus. Recent legislation improved on the FCRA by giving consumers the right to obtain one free credit report a year. But credit reports are still rife with errors, and the bureaus have been too lax about protecting files.

1974: The Privacy Act

What it does: Requires federal agencies to inform people, at the time the agencies are collecting information about them, why this information is being collected and how it will be used; forbids agencies, without consent, from disclosing a person's records to anyone but that individual.

What precipitated it: Illegal surveillance of individuals, and surreptitious keeping of files by government agencies, exposed during the Watergate scandal.

Comment: The law has by and large curbed government privacy abuses and made agencies more transparent.

1986: Electronic Communications Act

What it does: Attempts to extend to electronic communications, such as e-mail, the same protections from surveillance as oral and telephone-based communications.

What precipitated it: Fears that electronic communications were not covered by existing wiretap laws and, thus, could be accessed by authorities without judicial warrants or subpoenas.

Comment: A series of loopholes allow online services, ISPs and law enforcement to eavesdrop on electronic communications without first getting a court order.

1996: Health Insurance Portability and Accountability Act (HIPAA)

What it does: Mandates that consumers have access to their own medical records; requires healthcare providers to notify consumers about their privacy practices; compels healthcare providers to design systems to protect medical records from unauthorized individuals.

What precipitated it: Concern that the advent of electronic files left patient records, which had no legal privacy protection, more vulnerable to being intercepted by unauthorized individuals.

Comment: Offers minimal privacy protection. Even with HIPAA, most patients feel powerless to question the data policies of their healthcare providers—thus giving the providers carte blanche to set up any procedures they choose. Meanwhile, private patient information can be used for marketing without consumer consent.

1999: Financial Services Modernization Act (also known as Gramm-Leach-Bliley)

What it does: Calls for financial institutions to inform consumers about the information they collect about them, how it is used and how they can stop it from being sold; mandates that firms develop policies to prevent fraudulent access to data.

What precipitated it: An outbreak of identity theft, and worries that industry consolidation would encourage mega-financial firms to pass consumer files freely from one department to another.

Comment: To keep personal information from being sold to third parties or shared internally, consumers must opt out—a right they are generally unaware of and that is usually offered in the small print. In addition, financial services firms have generally been lax about implementing security systems and have failed to stem identity theft.

2001: U.S.A. Patriot Act (full name is Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism)

What it does: Allows search of business and financial records, library history, bookstore purchases and the like pertaining to foreign intelligence suspects; permits eavesdropping on the Internet if an ISP agrees; authorizes the use of a single search warrant to snoop on a suspect's communications via land lines, mobile phone, the Web or any other means.

What precipitated it: Attacks of Sept. 11 exposed obstacles keeping law enforcement from investigating terrorism.

Comment: The bill has eliminated the walls that impeded law enforcement agencies from sharing information during terrorist investigations. Opponents believe it gives the government excessively wide-ranging rights to eavesdrop with little judicial oversight. So far, there have been no reported cases of privacy breaches as a result of the Patriot Act.


Story Guide:
High Stakes, Few Solutions: Anomalous or not, high-profile data breaches put pressure on CIOs to secure sensitive information; how to do it is far from clear.

  • Risky Business: It's hard to do business at all without complete, centralized customer data, but customers are increasingly wary and vindictive about abuses.
  • Security by Design: New legislation will change the environment every bit as much as SOX; will it be enough?
  • Semi-Immune From Litigation: Compliance will be a headache, but meeting stated requirements may reduce your risk in the courtroom.
  • Privacy in Action: The give-and-take of privacy rules may, for example, force companies to choose between disclosing data breaches, or paying exorbitant insurance.
  • Consumer Protection: Congress has taken more than one stab at identity and privacy protection. This table will give you a quick reference to the relevant rules.

     
     