Amid rising anger over thefts of personal data, lawmakers Tuesday urged limits on the sale of Social Security numbers and other confidential information.
“I personally see no socially redeeming value in anyone having the right to market or use Social Security numbers and other personal information without my approval,” said Rep. Joe Barton (R-Texas), chairman of the House Energy and Commerce Committee, in a written statement. “If a company wants to use my life for their profit, they ought to have to ask me first.”
Congress has considered banning the sale of Social Security numbers before, but legislators are now rallying around the idea in the wake of a series of security breaches that gave identity thieves access to restricted information kept by data brokers ChoicePoint Inc. and LexisNexis, a unit of Reed Elsevier.
At a meeting of his panel’s subcommittee on Commerce, Trade and Consumer Protection on Tuesday, Barton said there was a “very good chance” he would support a bill making it illegal to sell Social Security numbers, except to help law enforcement.
ChoicePoint Chief Executive Derek Smith, making his first appearance before lawmakers since the scandal erupted last month, agreed at the hearing that some regulation may be needed. Smith said he would support, for example, “a single, reasonable, nationwide mandatory notification requirement” under which companies such as his would tell people when information on them had been released improperly.
But Smith and LexisNexis President Kurt P. Sanford resisted the idea of a ban on sale of Social Security numbers.
Sanford pointed out that Social Security numbers can help banks verify that transactions are legitimate and help debt collectors make sure they are dealing with the right person.
“There are certain circumstances where the sale of Social Security numbers are in the consumer’s best interest,” Smith said.
Some on the panel were harshly critical of the companies’ position.
“This is an industry still in denial, that still doesn’t recognize how highly Americans value their privacy, and hopes to ride out this scandal,” said Rep. Edward J. Markey (D-Mass.). In previous years Markey has unsuccessfully pushed bills restricting the sale of Social Security numbers -- legislation he has pledged to reintroduce.
Smith and Sanford apologized for the recent losses of personal data and said their companies had adopted new safeguards to improve the security of such information.
“The security breach that ChoicePoint discovered last fall in California has caused us to go through some serious soul searching,” Smith said. “In retrospect, the company should have acted more quickly.”
Alpharetta, Ga.-based ChoicePoint disclosed last month that intruders posing as small-business customers may have compromised personal data of 145,000 people, almost one-fourth of them in California. ChoicePoint became suspicious of foul play in September and cooperated with law enforcement, but only last month said it would begin notifying consumers.
To prevent a reoccurrence, the company is now scrutinizing small-business applicants more carefully and withholding some sales of sensitive consumer information, Smith told lawmakers.
Sanford said LexisNexis would add restrictions on access to Social Security numbers and driver’s license numbers. His firm last week revealed that identity thieves had helped themselves to personal data on up to 32,000 people.
“We sincerely regret this incident and any adverse impact that this crime may have upon the individuals whose information was accessed,” Sanford said Tuesday.
ChoicePoint was the focus of a second congressional hearing Tuesday. Members of the Senate Banking Committee asked a company vice president, Don McGuffey, when top executives learned of the security breach that resulted in an arrest on Oct. 26, 2004.
McGuffey said he was notified of the incident in mid-November and discussed it with ChoicePoint President Douglas Curling later that month. McGuffey said Smith, the CEO, learned of the breach in January.
Between the time of the arrest and when the company made the security breach public, Curling and Smith sold about $16.5 million worth of company stock, according to regulatory filings by the company. ChoicePoint has said the sales were pre-approved by the company’s board and had nothing to do with the security breach.
Times staff writer David Colker contributed to this report.