Mr. Chairman, thank you for holding this important mark-up today.
Since last November, when the Commerce, Trade and Consumer Protection Subcommittee marked-up an earlier version of this bill, some important improvements have been made to the legislation. I commend, for example, the addition of a new provision in the bill to prohibit data brokers from obtaining information under false pretenses – using the type of “pre-texting” that has victimized many Americans.
While this bill has been strengthened since Subcommittee consideration, I remain concerned about the loopholes that remain in the bill we are considering this morning. As you know, Mr. Chairman, this Committtee began crafting this bill in response to a security breach at data broker ChoicePoint and a deluge of subsequent breaches at similar data-gathering firms, government entities and universities. But there are important lessons from these data thefts that have not been incorporated in this bill.
I am hopeful that we might be able to make further improvements in the bill today, and I have prepared several amendments to enhance the bill’s consumer protections:
• The Manager’s Amendment does not provide consumers with adequate information before their personal information is transferred to offshore databases or data processors, even though such practices may heighten security risks. Last December, the Internal Revenue Service took an important step towards towards protecting tax return information from being offshored without consumer consent. It proposed a new rule that will require tax preparers to provide notice, and to obtain a consumer “OPT-IN”, before any tax information can be sent offshore by the consumer’s tax preparer. I applaud this initiative by the Bush Administration, and at this morning’s markup I will offer an amendment to extend this same principle to other types of information. My amendment would require companies to provide a conspicuous notice to consumers whenever they intend to offshore consumers’ personal data and give consumers the right to block such data transfers.
• The Manager’s Amendment also does not restrict commerce in Social Security numbers. The purchase and sale of Social Security numbers was identified in our hearings as a practice that had greatly facilitated identity thefts and a wide range of other crimes, and I know that Chairman Barton has expressed his support for restrictions on commerce in Social Security numbers. I think that Chairman Barton was right about the need to restrict the use of the Social Security number as a personal identifier. I will offer an amendment that would make it a crime for a person to sell or purchase Social Security numbers. Under my amendment, the FTC would be given rulemaking authority to restrict the sale of Social Security numbers, determine appropriate exemptions, and enforce civil compliance with the bill’s restrictions.
• The Manager’s Amendment also would effectively override stronger protections for consumers’ personal data that is contained in state laws across the country. I will offer an amendment to strike the bill’s pre-emption provision and replace it with language that reflects the appropriate balance contained in the Gramm-Leach-Bliley Act. Specifically, my amendment would ensure that federal law only pre-empted state data security statues to the extent that the specific provisions of state law were inconsistent with the federal provisions. Stronger state provisions would not be considered to be inconsistent with corresponding Federal provisions, and therefore would not be pre-empted. This is language that was previously approved by this Committee, in conference with the Senate, on the Gramm-Leach-Bliley legislation.
Mr. Chairman, I hope that you and other Members on the Majority can support these and other amendments that Democrats will be offering at today’s markup. The Manager’s Amendment makes some welcome improvements compared to the bill as introduced, but there are still many areas that need to be strengthened.