WASHINGTON — Responding to outrage from consumers whose personal information has been stolen from companies, Congress is primed to pass new laws to try to prevent break-ins and to require businesses to confess to customers when private data is taken.
The government’s new interest in requiring such embarrassing disclosures reverses years of efforts by the FBI and U.S. prosecutors to shield corporations that have been victims of hackers from bad publicity by keeping such crimes out of headlines.
But now, consumers want to know if their private information has been stolen.
The Senate is considering at least two proposals to crack down on companies suffering breaches of private customer information. The Federal Trade Commission’s chairwoman has endorsed the idea and the Senate Judiciary Committee’s chairman hinted this week that a new law might be inevitable.
“We may well face a necessity for some really tough legislation,” said Sen. Arlen Specter, R-Pa.
The new push for government action responds to frustrated constituents who are among more than 10 million victims of identity theft each year. It comes after years of reluctance by most companies to voluntarily report break-ins that put customers’ financial information at risk.
“Congress is primed to take a very serious look at this and pass comprehensive legislation,” said Sen. Charles Schumer, D-N.Y., sponsor for one bill. “Nobody has given this problem the focus it deserves. This is a high priority.”
A California law already requires disclosures to victimized consumers who live there, and roughly 30 states are looking at similar laws.
“The last thing a merchant wants to do is tell all his longtime customers he’s been hacked and lost all their information,” said Keath Nupuf, chief technology officer for CardCops Inc. of Malibu, Calif. The company monitors Internet chat rooms and other hacker communications for stolen credit card numbers, then notifies merchants and consumers to block bad purchases.