ecent reports of a major security breach, and the resulting instances of fraud, at consumer data broker ChoicePoint Inc. have opened debates on protecting financial data. Lawmakers in Washington, D.C. hope to introduce legislation in the House and Senate that would require more federal regulation of companies that collect and sell consumer data.

Senators Patrick Leahy of Vermont, Dianne Feinstein of California and Charles Schumer of New York have requested a Judiciary Committee hearing on whether the Federal Trade Commission (FTC) should provide more oversight of these types of companies, the Associated Press reported in February.

ChoicePoint announced on Feb. 15, 2005 that criminals had gained access to the personal information of nearly 145,000 consumers in all 50 states ("Thieves Gain Access to 145,000 Consumer Records," The Green Sheet, Feb. 28, 2005, issue 05:02:02). Thieves used stolen identities to create business licenses for what appeared to be legitimate check-cashing companies or debt collection firms in order to breach ChoicePoint's security system.

The crooks opened at least 50 accounts with ChoicePoint to access the consumer records, which included information such as names, addresses, Social Security numbers and credit reports. The criminals operated undetected for more than year and used the stolen information to steal the identities of at least 750 people. Under pressure from attorneys general in 38 states to alert consumers, the company mailed warning notices to all those affected. ChoicePoint mailed the most notices, more than 34,000, to residents of California.

A California law provides consumers with more safeguards for protecting financial data than any other state: Companies must inform consumers if the systems that store this information have been breached. Legislators from New York, Texas and Georgia are looking at similar laws.

In December 2003, President Bush signed into law provisions to the Fair Credit Reporting Act (FCRA) of 1970. The provisions included amendments to help consumers better protect themselves from identity theft, but they also extended the FCRA's controversial section on credit reporting. This provision gives businesses the right to share and report data on consumers. Organizations such as the National Retail Federation and MasterCard International have argued this helps protect consumers and provides them with easy access to credit. The federal law preempts state law even if states offer consumers more protection.

Some state legislators are calling for even more stringent laws to protect people. For example, Feinstein has long argued that consumers should have more control over how their personal information is collected and used.

She introduced a national bill similar to the California law. She also wants to force data brokers to ask consumers' permission to sell their personal data.

In the FTC's annual report on consumer fraud, released in February 2005, the agency said that Americans lost nearly $548 million to identity theft and consumer fraud in 2004. Both the FTC and Better Business Bureau estimated that more than 9 million consumers fall victim to identity theft each year.

Following ChoicePoint's news, Bank of America Corp. announced that it lost backup tapes storing the financial information of government employees in shipment to a data warehouse, CNET's News.com reported. And PayMaxx, a payroll processor, said that a glitch in its system left some of its customers' W-2 forms accessible to intruders on the Internet.