The Charlotte Observer - 07/06/2006

Legislators target gap in ID theft law

by Andrew Shain
Consumer Writer

N.C. state and local governments would have to tell residents when agencies lose or expose personal information, under legislation introduced Wednesday.

The bill would close a gap in a data-breach notification law passed last year that covered just businesses. The loophole was first reported in the Observer last week.

In crafting the original legislation, N.C. Attorney General Roy Cooper's office did not include government agencies because the emphasis was on changing business practices in the aftermath of publicized breaches at data broker ChoicePoint and Bank of America.

Now with recent revelations of government-agency breaches, including one at the U.S. Department of Veterans Affairs last month, Cooper wants "to make sure to the extent possible that state agencies play by the same rules," said Josh Stein, senior deputy attorney general who heads the office's consumer protection division.

Governments should have been included in the original breach-notification bill, said Rob Thompson, consumer advocate for the N.C. Public Interest Research Group.

"This seems like a major oversight or it was done for political reasons," he said. "Either way, it was not done well."

Federal, state and local government agencies account for the majority of the 200-plus publicly revealed breaches since 2005, according to data compiled by the Privacy Rights Clearinghouse, a consumer advocacy group.

Three of the six known data breaches that originated in North Carolina since 2005 involve public agencies, an Observer analysis found. That includes Social Security numbers of 619 Catawba County students discovered on the Web last month.

Cooper's office drafted the changes to the notification law with the help of Sen. Dan Clodfelter, a Charlotte Democrat who introduced the original bill last year. Those changes were discussed in the Senate Judiciary Committee on Wednesday and could be voted on today.

Currently, 21 of the 31 states that have passed breach-notification laws require government agencies to disclose data-security problems that possibly could lead to identity theft. South Carolina has no notification law.

What This Means to You

If the bill becomes law, governments would have to let you know if they lose your personal data, just as businesses already must do.
