Warning: I.D. theft

Seattle Times: Federal legislation billed as doing something about the recent rash of consumer data breaches might do very little and interfere with states that have stepped up with more-meaningful laws.
In theory, the troubling bill, passed last week by a House Energy and Commerce subcommittee, would require that consumers be notified when their personal data is lost or stolen. Great, but the standard of notification is only when there is a "significant risk" of identity theft -- and guess who decides? The company itself.
Since Feb. 15, the personal data of more than 51 million people has been exposed through a series of astounding breaches, according to the Privacy Rights Clearinghouse. The breaches have prompted several states to adopt notification legislation. Washington's law went into effect in July.
Industry discretion
However, the industry is seeking more discretion about when companies have to notify people and to ensure a weaker federal law will supersede stronger state laws.
That should not happen. The attorneys general of 47 states recently submitted a letter to Congress urging that the legislation not preempt state laws.
It also urges provisions permitting consumers to freeze access to their credit reports and state AGs to enforce the related federal law.