ID Theft Bill Widens Encryption Rules
Congressional leaders appear eager to pass an identity-theft law this week, and their proposals are becoming tougher.
Last week, Reps. Joe Barton, R-Texas, and John Dingell, D-Mich., the chairman and ranking minority member of the House Committee on Energy and Commerce, respectively, floated a draft bill requiring businesses engaged in interstate commerce to encrypt sensitive personal data.
The bill calls for data brokers to submit their security policies annually to the Federal Trade Commission for approval.
Broader than any other IT security proposal on Capitol Hill-including the latest Senate bill, the Personal Data Privacy and Security Act-the Barton-Dingell draft bill deals with the kind of government technology involvement most industries fear.
The IT industry, however, has become increasingly vocal on the need for Congress to act.
"The public has been crying out for help, and businesses have not responded," said Mike Gibbons, vice president of Federal Security Services for Unisys Corp., based in Philadelphia. "It's not a Chicken Little affair. I say the sky has already fallen; it's just a matter of when a piece is going to hit you."
Definitions are a thorny issue in identity-theft legislation. Many details will likely be left to regulators, who will have to show nuanced technological understanding.