Search This Blog

Saturday, October 27, 2007


My home state of Arizona has come forward since the escalation of the identity crisis to enact some good legislation to help control the handling of its citizens’ names and private information. My favorites are two statutes that cover the use of Social Security numbers. The first makes it a civil penalty for government, business or an individual to intentionally release your SS#. They also can’t print the number on anything required for the individual to produce for products or services. The second prevents the use of SS#s by state colleges and universities as student ID’s. The assigning of Social Security numbers as a means of identification in higher education has handily played into the hands of the ID thieves; this area represents over 25 percent of the total data breaches, according to Privacy Rights Clearinghouse. In other Arizona legislation it is unlawful to knowingly dispose of personal records or documents that include name, address, Social Security number, credit card numbers, driver license number, etc. And, any person conducting business in the state that collects unencrypted private information and detects a breach of this information must notify the individual, but only if the breacher determines there will be harm to the person. The latter, in my mind—and this is shared by a majority of privacy advocates—is a huge weakness in laws of this type. Arizona residents are covered in the confidentiality of their health records with limitations as to disclosure to parties such as physicians, hospitals and as a matter of law. The Grand Canyon state recently enacted House Bill 2779 which made it against the law to take another person’s identity by the purchasing of fraudulent records. This was particularly directed toward the hiring of illegal aliens, and had quite an impact on the immigration issue in this state. You can see a listing of the 39 U.S. states with data breach laws by going to the Consumers Union site. Is your state there? If not, it should be. Since launching this blog in April of 2005, I have felt that the answer to protecting our names and personal data was to enact federal legislation, because it would be a uniform approach to solving the issue. However, with the Congress we have been dealt, even with the Democratic majority, there seems no hope of reaching a consensus on anything resembling a data breach law, much less consumer control over their sensitive data. Therefore, it is my contention now that some state legislator like Senator Debbie McCune Davis—sponsor of Arizona’s Senate Bill 1345 requiring credit reporting agencies to allow residents to place a security freeze on their credit report—must take the bold step of introducing legislation granting Arizonans the right of control over their names and private information. And while we’re at it, let’s compensate them when it is sold. Let me hear from you about what’s going on in your state. E-mail me at:

No comments: