Shostack + Friends Blog Archive


Choicepoint: April 24

  • The Privacy Law Site posted on the Schumer-Nelson Comprehensive Privacy bill on April 13, but I just found it. The author summarizes the bill.
  • Richard Clarke has a column in the New York Times, “You’ve Been Sold,” in which he outlines some reasonable parts of a new law. [Added shortly after first posting.]
  • The Seattle Times covers “Bills sent to governor aim to fend off identity thieves:”

    A security-breach bill, Senate Bill 6043, will require consumers to be notified by credit-reporting and consumer-data agencies if a security breach compromises their personal information.

    And a security-freeze bill, Senate Bill 5418, will let victims of identity theft — or those whose personal data have been stolen — place a security freeze on their credit files with credit-reporting agencies to lock out potential thieves.

    One of the state’s top consumer groups, the Washington Public Interest Research Group, dropped its support for the security-breach bill when amendments were added letting companies decide whether to notify customers when their data are stolen. If the companies consider it a “technical breach” that doesn’t seem reasonably likely to subject customers to criminal activity, they’re not required to tell customers.

    Look for blowback on that loophole. Washington banks are going to have to go through two compliance programs over the next few years after a big bank abuses this, and a more stringent law shows up.

  • It’s been a little while, and I feel a need for release. Today’s Two Minutes Hate comes to you from The Nashua Telegrah, who asks, Didn’t ChoicePoint learn anything from murder of Nashua’s Amy Boyer:

    Amy Boyer was a 21 year-old college student working part-time as a dental assistant in downtown Nashua. Amy was shot nine times in the head as she left work on Oct. 15, 1999, by a stalker who bought Amy’s Social Security number and work address on the Internet from an “information broker” named Docusearch.

    Docusearch purchased Amy’s Social Security number from IRSC, an information broker that folded into the ChoicePoint conglomerate.