
Prepared Statement of The Honorable Cliff Stearns

Securing Consumers' Data: Options Following Security Breaches

Subcommittee on Commerce, Trade, and Consumer Protection
May 11, 2005


Good Morning. Today, we continue the Subcommittee's examination of consumer data security and identity theft. As all of us are keenly aware, our important work is set against the backdrop of almost daily reports of consumer data security breaches at data brokers, retailers, banks, universities...and the list goes on. It seems like every corner of our economy has been touched. Understandably, the public is worried. The reported breaches involve everything from elaborate high-tech hacker attacks to simple theft of physical consumer data that had been poorly secured. The consumer impact of these breaches has been just as varied. Some cases never result in identity theft or financial loss while others affect significant consumer populations, with some estimates of those affected ballooning past initial numbers as further investigation reveals even bigger cracks in the digital infrastructure. And while our initial assessment of the extent of this problem for consumers and businesses is still a bit fuzzy, the cracks and vulnerabilities are becoming more apparent to the Committee and to the public. Questions are starting to be raised about the inherent security of a large segment of the commercial marketplace. This should concern us all.

The Committee understands this concern. And to address it, there are a number of issues that need careful examination. First, we must ensure that existing federal law is not leaving open ways for certain entities to skirt the objectives of the primary laws governing this area, including the Fair Credit Reporting Act and Gramm-Leach-Bliley. Second, if we determine that existing law is inadequate, we need to get a clearer and more accurate assessment of the scope of the problem across all sectors, assess the current legal tools we have to attack it, and weigh the need for additional regulation and other approaches. Other non-regulatory approaches could include applying good old American technological ingenuity to buttress current consumer data security regulations.

Throughout this series of hearings we have heard from a number of experts that data security breaches go hand in hand with identity theft -- a phenomenon that keeps getting bigger and more insidious. The numbers are sobering. At our March hearing, the FTC testified that over 10 million people were victims of identity theft during the one-year period of its latest survey. The FTC estimated that this figure translates into losses of nearly $48 billion for businesses, almost $5 billion for consumers, and close to 300 million hours spent by those individuals and businesses trying to resolve the problems generated by these crimes. We cannot allow our consumer economy to be undermined by these criminals. Consumers, business, and the public sector need to strengthen defenses collectively. The reality is that the bad guys will always be around. It is up to us as consumers, businesses, and public institutions to make sure that our data is locked down and accounted for. The best offense to combat identity theft is simple prevention coupled with an assurance that entities dealing in consumer data adhere to consistent and comprehensive security standards with bite.

The accessibility and portability of consumer data in an information-driven market has made controlling who has access to what more difficult than ever. Consumer data breaches and resultant identity theft continue to grow and affect broader commercial activity at all levels, not just a specific industry or sector. Consumer data in our modern markets has become a commodity. It is bought and sold. It is processed and analyzed. And it is now an integral ingredient in disciplines as varied as finance, demographic research, direct marketing, academic study, and law enforcement. I believe that the majority of these activities improve our lives and wellbeing. They make us more productive, allow higher standards of living, and afford us better personal and national security, particularly in a post 9/11 world. What is lacking, however, is a safeguard system in which our personal data is shielded by robust security no matter where it goes or who possesses it. We need to examine approaches that enable robust security measures to surround personal data as it speeds through commerce.

I think this is where advanced technology can play a larger role in helping reduce the incidence of identity theft. Technologies like sophisticated encryption techniques, advanced password authentication systems, as well as better and more widespread use of advanced data security software all can play an important role in improving our defenses. Technology can also be used to facilitate more uniform best practices in affected sectors that deal in consumer data.

Let me be clear, I do believe that additional measures are necessary. But for those still undecided, this hearing and the preceding ones should provide a great deal of information to make a judgment. I think it's fair to say that one thing is certain -- criminals cannot be allowed to capitalize on another high-tech, nefarious business model to steal and defraud American consumers, business, and public institutions. We've seen that happen with spyware and spam. It can't be allowed to happen here. Therefore, our focus needs to be on first clearly identifying what is not working before we act on a national scale. But with each new breach, we are losing more valuable time to put an end to a new breed of professional cyber-criminal and the inappropriate and illegal activities that are slowly corroding consumer confidence in the integrity of information-driven commerce and technology.

I would like to thank our distinguished panel of witnesses for joining us today. We look forward to your testimony. Thank you.

