There is a new federal law enacted to address the consequences of an identity theft:
“President Bush last week signed into law a bill that seeks to make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced to cough up ill-gotten gains.”
This legislation allows easier prosecution of hacking activities. However, the law does not address the security of data. Companies and agencies have data bases of millions of personal confidential files. Legislation needs to be enacted to safeguard those files with safe practice standards. For example, encryption of Social Security files should be mandatory. As the Countrywide identity theft incident illustrates, millions of people can be impacted with a single data breach. Entrusting a business or agency with one’s sensitive personal data should be protected by law.
One of the reasons that such legislation is slow in forthcoming is that government agencies themselves do not follow standard security procedures. Such legislation would make the government themselves the target of countless lawsuits for shoddy handling of private, confidential data bases.