Reproduction permitted for personal use only. For reprints and reprint permission, contact firstname.lastname@example.org.
State Senator Ted Kanavas remains optimistic that his bill requiring notification of electronic data breaches will pass the legislature yet this year.
Senate Bill 164, co-authored by Kanavas, R-Brookfield, and Representative Jeff Fitzgerald, R-Horicon, would require companies that keep personal data on customers and clients to notify those people when that data is obtained by unauthorized parties. Kanavas said the importance of protecting private information is gaining more national attention all the time. Just this week, United Parcel Service misplaced a box of computer tapes containing personal information Social Security numbers, account numbers and payment histories on about 3.9 million of Citigroup's CitiFinancial customers. The tapes have not been recovered.
Kanavas said he sees the bill working in tandem with a widespread re-evaluation on the part of businesses in how they secure information and how they destroy it when they go out of business or no longer need it. Given the national scope of the matter, he also plans to bring up the bill as model legislation with fellow conservatives at a meeting of the American Legislative Exchange Council (ALEC) in August. ALEC is a nationwide consortium of lawmakers and policy advocates organized to promote Jeffersonian ideals of government and legislative reform.
"To the extent that we can create an environment where people's identities are going to be protected and their personal information is protected, we've got to do that, because it's going to create more comfort in e-commerce," Kanavas said. "[That is] essential for America's economy to grow.
"I think the odds of [the bill] passing this year are pretty good."
But as the role of e-commerce grows in the economy, so does the fraternity of online con artists using ever more sophisticated scams to dupe consumers into revealing their personal financial information online. For example, phishing scams use e-mails to lure people to bogus Web sites, the goal being to convince unwary Web surfers to type in their credit card or bank account numbers or basically put them on silver platter for the crooks.
Two of the most common types of phishing scams use big brands -- Citibank, Ebay, Amazon, et al or well-known charity causes such as the Dec. 26 tsunami in Southeast Asia to net their victims. Mark McLane, CEO of NameProtect, a Madison-based firm that specializes in identity theft and fraud prevention and electronic market analysis, noted that right after the tsunami hit, the FBI contacted NameProtect to help track bogus charity Web sites. Within weeks, NameProtect had reported 500 separate suspicious sites working tsunami relief scams.
"These folks are organized, and they are bad people," McLane said. "Whether it's a traditional big brand or a terrible event like the tsunami, they don't care.
"If you go to the Red Cross or Oxfam or the Boy Scouts of America [directly], you have a high degree of probability that you're safe and sound there," he added. "It's a good idea when you get an e-mail with a Web site that you don't go there."
"If you don't have a background in these matters, I can see where people would get duped if they're less sophisticated in what is actually being presented to them," Kanavas said.
Kanavas noted that he has been working with people in the private sector to gather their input on the legislation and in the process has reaped a good bit of national interest.
"It's a big deal," Kanavas said. "It's like the keys to the kingdom. You could get totally whacked. Take a look at the Citibank thing. That's roughly four million customers.