Posted on: Friday, June 24, 2005
EDITORIAL
Data theft demands tough sanctions
Theft of personal digitally stored information, whether through "phishing" e-mail scams or security breaches of computer databases, is rapidly becoming one of the most worrisome and pervasive criminal activities, a crisis that demands appropriate regulation and tough criminal penalties.
Fortunately, even before the theft of 40 million credit card files stored by the processing firm CardSystems Inc., the U.S. Senate began looking in earnest at federal reforms aimed at regulating companies that deal with data, including a proposal to license those that sell personal information.
There's also a pair of bills modeled on the California law that requires consumers to be notified of security breaches. There are some knotty details to be worked out there, as well as some resistance from the industry, which suggests that individual states should not wait for Congress to act before tackling the issue on their own.
Hawai'i lawmakers made a good start during the last session, passing a bill that sets criminal penalties for "phishing" — the dissemination of e-mail that fraudulently garners passwords or other sensitive personal data from consumers. Of course, most of the "phishers" are from out-of-state — identity theft is an international issue — so Hawai'i's act can have only limited effect.
But lawmakers also wisely created in this measure an identity theft task force to consider what else could be done locally on the problem. The state should move quickly to assemble this task force, which can track the progress of the federal bills as well as survey other states for efforts made at the local level. A slate of well-considered reforms must be ready before the Legislature convenes in January.
It's frustrating to see financial lobbyists rallying against the federal measures on Capitol Hill. Hawai'i can hope for a more rational response from banks and other institutions locally. Defending the status quo at the expense of the consumer is shortsighted, especially during this rapidly evolving information age. More and more personal data is stored digitally in formats that keep the information wonderfully accessible but not always secure.
The failure of the industry to accept carefully considered regulation can only lead to continued deterioration of the public's trust in e-commerce, a state of affairs that could harm everyone in the long run.
