WASHINGTON COMPUTER THEFT SPURS CONGRESS TO TACKLE ID THEFT REFORMS http://www.azcentral.com/news/articles/0620Identity-Theft-Bills-ON.html
Dow Jones/Associated Press Jun. 20, 2006 08:22 AM

WASHINGTON - The report about the computer equipment stolen last month from the home of a U.S. Department of Veterans Affairs analyst has breathed new life into the 16-month debate over how to create new safeguards against identity theft.

But fear about the misuse of this new stolen data, which include information on close to 26.5 million veterans and 1.1 million active duty personnel, could trump competing bills that address data security more broadly and have been in the works since February 2005.

"The VA breach has sparked more of an interest on Capitol Hill," said Susanna Montezemolo, a policy analyst at Consumers Union.

Since the VA breach was reported, lawmakers have introduced roughly 10 bills in the House, one as recently as Friday. Rep. Steve Buyer, R-Ind., who heads the House Committee on Veterans Affairs, has announced five hearings this month related to the stolen computer and data security.

"We must act promptly, yet we must also understand what went wrong at VA so that we can prevent it from happening again," he said earlier this month. "We will conduct an aggressive series of hearings to give us the information we need to both remedy any harm done to veterans by this incident and fix the problems in the system."

Identity-theft concerns exploded on Capitol Hill in February 2005 when ChoicePoint Inc. announced it might have improperly sold the personal information of 145,000 people. Since then, dozens of banks, insurance companies, universities and retailers have also reported data-security breaches.

"Every now and then, there'd be a security breach that made the news," Montezemolo said. "There was nothing huge until the VA breach hit. That changed the landscape."

Other committees have been working on data security legislation this year. Separate bills passed by both the House Financial Services Committee and the Energy and Commerce Committee have tried to address identity theft more broadly, and Sen. Robert Bennett, R-Utah, is expected to introduce a bill to the Senate Banking Committee later this week.

One major difference between the two House bills is whether a federal standard should trump the policies recently established in 23 states regarding credit freezes. Almost all of these state laws would allow customers who have lost personal information to freeze their credit reports, which would prevent anyone from opening up a new credit-card account or obtaining any sort of loan.

The Financial Services Committee bill would pre-empt the state laws by saying the consumers could only freeze their credit reports once they became victims of identity theft, not just if it's lost or stolen. The Energy and Commerce bill doesn't have this pre-emption.

Consumer advocates have said the pre-emption would make it too hard for people to protect stolen information, but banking industry officials have argued there needs to be a uniform standard that companies can follow rather than different requirements from different states.

"We believe the Financial Services Committee bill best achieves that," said Greg Mesack, director of government relations for America's Community Bankers.

But Montezemolo said her group would oppose a bill that stripped out state protections.

The House is expected to hold a vote on one of the bills in the next few weeks, but it is unclear how a focus on the VA breach will impact the plans.