The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Wednesday, May 11, 2005
Consumers Union, is calling upon Congress to deal with the issue of identity theft. They issued the following release on Monday, May 9:
CU calls on Congress to enact strong identity theft safeguards:"Consumers Union outlines reforms needed to protect consumers from identity theft
Senate Energy & Commerce Committee takes up ID theft at May 10 hearing; Subcommittee of House Energy & Commerce Committee follows on May 11
WASHINGTON, D.C. – In light of the recent rash of identity theft scandals, Consumers Union called on Congress today to enact new safeguards to help reduce the risk of such fraud, require companies to notify consumers when their personal information has been compromised, and provide new rights to help victims limit the damage of this fast growing form of financial crime.
“We’ve been reminded again and again this year how lax security by information brokers, financial institutions, and other companies has left consumers vulnerable to having their personal information fall into the hands of identity thieves,” said Susanna Montezemolo, Policy Analyst with Consumers Union’s Washington, D.C. office. “These companies should be held accountable for keeping sensitive consumer data safe and required to notify all Americans when their identities are placed at risk by a breach in security.”
In letters submitted to members of the Senate and House Energy & Commerce Committees, Consumers Union called on Congress to enact a series of reforms, including safeguards that:
- Reduce the risk of identity theft: Congress must impose strong requirements on information brokers to protect the data they hold and to screen and monitor the persons to whom they make that information available. Creditors should be required to take additional steps to verify the identity of an applicant when there is a sign of ID theft. And Congress should restrict the sale, sharing, display, and secondary use of Social Security numbers.
- Require notice of breaches of sensitive information: Congress must impose requirements on businesses, nonprofits, and government entities to notify consumers when an unauthorized person has gained access to sensitive information pertaining to them. Consumers need prompt and proper notice, including information on what kind of data has been stolen.
- Ensure that victims have rights: Congress should strengthen the Fair and Accurate Credit Transactions Act (FACTA) to provide greater protections for consumers at risk of identity theft and those who have already become victims. FACTA can be made more effective by extending the initial fraud alert period from 90 days to one year, automatically sending consumers with a fraud alert a free credit report, and giving consumers who receive a notice of a security breach the right to an extended fraud alert.
Consumers Union also called on Congress to authorize federal, state, local, and private enforcement and provide funding for law enforcement to pursue multi-jurisdictional crimes promptly and effectively. The group emphasized that victims also need tools to fix the problem once the breach occurs – such as making sure there is a clear process for preventing identity theft and repairing credit once a breach occurs, providing for free credit monitoring, and covering the costs of fixing the problem.
“Currently, when a company improperly breaches a consumer’s sensitive information, the onus is on that consumer – the victim – to fix the problem,” said Montezemolo. “If a company has put a consumer at risk of having their identity stolen, it should be obligated to help clean up any mess it created because of lax security practices.”"
Labels: identity theft, information breaches
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.