The toll has been predictable and devastating:
• The cost of identity theft to U.S. businesses is estimated to be more than $50 billion a year.
• Nearly 2 million American households a year have their bank accounts, credit cards or debit cards compromised.
• The average amount stolen from each American consumer amounts to nearly $5,000 and the out-of-pocket cost for victims to resolve identity theft damage ranges from $850 to nearly $1,500.
• Just as troubling, 70 percent of victims have difficulty removing negative information from their credit reports because of identity theft.
With cyber attacks clearly on the rise, something needs to be done immediately. In April of this year alone, some 30 data breaches at hospitals, insurance companies, universities, banks, airlines and governmental agencies impacted nearly 100 million records. And that’s in addition to the massive breaches at Sony, Epsilon and Citigroup.
It’s time for Congress to take decisive action. Sophisticated and carefully orchestrated cyber attacks – designed to obtain personal information about consumers, especially when it comes to their credit cards – have become one of the fastest growing criminal enterprises here in the United States and across the world.
This ever-increasing problem only reinforces my long-held belief that much more needs to be done to protect sensitive personal information. The SAFE Data Act, HR 2577, is designed to accomplish this goal by establishing uniform national standards for data security and data breach notification. It’s crafted around a guiding principle: consumers should be promptly informed if their personal information has been jeopardized.
To help combat the growing problem of identity theft and online fraud, my legislation was approved this week on a voice vote by the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade.
First, it requires companies and other entities that hold personal information to establish and maintain appropriate security policies to prevent unauthorized acquisition of that data.
It also requires the notification of consumers within 48 hours after identifying the specific information that was breached, unless it was an innocent or inadvertent breach unlikely to result in harm.
The SAFE Data Act also gives the Federal Trade Commission authority over non-profits for purposes of this act only. These organizations often possess a tremendous amount of consumer information, and they have fallen prey to numerous breaches in the past.
In addition, my legislation requires all covered businesses to establish a data minimization plan providing for the elimination of consumers’ personal data that is no longer necessary for business purposes or for other legal obligations.
And, finally, the SAFE Data Act preempts similar state laws to create uniform national standards for data security and data breach notification. We learned during our recent hearings that consumer notification is often hampered by the fact that companies must first determine their obligations under 47 different state regimes.
With nearly 1.5 billion credit cards now in use in the United States – and identity theft impacting as many as 1 in 10 Americans – the SAFE Data Act provides important new safeguards for U.S. consumers. Given the growing importance of e-commerce in nearly everything we do, we can no longer afford to sit back and do nothing. The time for action is now.
Rep. Mary Bono Mack (R-Calif.) serves as Chairman of the House Subcommittee on Commerce, Manufacturing and Trade.