Hawaii needs legislation
to combat identity theft
Identity theft is a huge nationwide problem, the fastest-growing crime in the United States, according to the FBI. Last year alone, more than 9.9 million Americans were victims of identity theft that resulted in the loss of roughly $5 billion.
In Hawaii a student worker within the University of Hawaii-Manoa library system and her husband were arrested and indicted recently for obtaining student loans using other people's Social Security numbers and birth dates. The student had free access to the information in university's database of 150,000 students, faculty, staff and library patrons at all 10 UH campuses. UH officials have warned those possibly affected to take proper precautions.
Nationally, two major data collection companies recently revealed that they had improperly sold detailed personal information about hundreds of thousands of individuals.
ChoicePoint admitted that it had been tricked into providing information about 145,000 people to a group of bogus companies, and corporate officers of LexisNexis reluctantly disclosed under investigative pressure that it had improperly sold data on 310,000 individuals. The information was then used to set up bogus accounts on behalf of nonexistent businesses.
For companies in the data collection business, personal information about individuals is viewed as nothing more than a commodity to be bought and sold. These companies intentionally sold personal information to third parties without the consent of the affected individuals.
The companies offered little more than an apology for the inconvenience to those whose lives might have been disrupted or ruined by the fraudulent or criminal use of their personal data.
Personal data also can end up in the wrong hands if not properly handled or stored. CitiFinancial, the consumer finance division of Citigroup Inc., reported that it lost information about the accounts of 3.9 million U.S. customers, including Social Security numbers and payment histories, that was being sent by courier to a credit bureau.
In another recent case, information on more than 40 million credit and debit cards, including individuals' names, card numbers and security codes, was lost when hackers accessed credit data that should have been discarded but instead was kept in an un-encrypted form by Atlanta-based processor CardSystems Solutions.
Hawaii has few laws in place to protect the collection, storage, selling and safeguarding of personal information, or requiring notification when data is lost.
Hawaii needs stronger laws to protect individuals from the disclosure of personal information that makes the crime of identity theft possible.
We should require companies to notify potential victims whenever the loss of personal information is detected or suspected, and to make those who accumulate and maintain databases strictly liable to victims of identity theft resulting from the improper disclosure of personal information.
Victims of even a suspected identity theft, where no financial loss has yet been occasioned, nevertheless have to go through the inconvenience of changing credit cards and bank account numbers and reviewing their credit reports, and these victims should not have to bear the burden of proof. Strict liability would place the burden on the database owner to take adequate precautions to safeguard the personal data of individuals entrusted to them.
New legislation is needed to prevent companies from keeping information on individuals that is not absolutely necessary for business purposes, and requiring them to protect the information they do keep.
Making companies strictly liable for the data entrusted to them is probably the most effective way to get businesses to be more responsible, and criminal sanctions might be appropriate where misconduct has occurred or the lack of corporate responsibility and due diligence is egregious and flagrant.
Mark Moses, a Republican, represents the 40th District
(Royal Kunia, Makakilo, Kapolei, Kalaeloa).