(Also see Hillary Clinton in 2008 Info Center Hub.)
Right now, if you’ve been victimized, you can place a credit "alert." But you cannot freeze your credit. If you are a veteran, concerned about your credit because your Social Security number has been compromised, you should be able to call Equifax and say, "No access, and no new credit."
We also have to strengthen the right to know provision. If your credit or identity is compromised, you should be notified immediately, not days, weeks even months later. Because this is required in some states but not all, a large percentage of identity theft victims are unaware that anything has happened to put their information at risk.
PRIVATE DATA SENT OUTSIDE THE US FOR PROCESSING
Some firms are now sending data abroad for processing, away from the protections of U.S. law. As inadequate as it is, at least it is a framework better than you’ll find in most of the rest of the world.
The potential dangers of this practice are illustrated by the case of an employee in a Pakistani data center doing cut-rate clerical work for an American medical center who threatened to post patients confidential files on the internet unless she was paid more money. Moreover, last year employees doing data processing work for an Indian outsourcing company stole $350,000 from four Citibank customers.
Last year I proposed the SAFE-ID bill which ensures that customers will be notified when their personal data is sent abroad, and they should have the right to opt out...
A FEDERAL CHIEF PRIVACY CZAR
Across the federal government, privacy concerns are not getting the priority attention they deserve. The results are embarrassing to this Administration and unacceptable for citizens whose privacy and security may be at risk from their own government’s sloppy practices.
That’s why the PROTECT Act would create a high-level privacy czar in the Office of Management and Budget. A Chief Privacy Officer for our government would have oversight into the workings of every government department, and power to make sure that the law is being followed and best practices being implemented.
We had a privacy czar during the Clinton Administration, but the current administration chose not to follow that model.
There’s no better example of why we need a so-called privacy czar than the theft last month of personal data from 26.5 million veterans and more than a million active-duty servicemen and women...
The theft of this data and the Administration’s lax response is a disgrace – soldiers serving in harms’ way should not have to bear the additional burden of worrying about identity theft, and we need to get to the bottom of this to prevent it from happening again.
Perhaps if we had the office of the Chief Privacy Officer this might not have happened or would have come to light much sooner.
HEALTH PRIVACY
We also face a critical balancing act in the area of health privacy. Patients’ lives may depend on sharing their most intimate information. Our ability to control costs and improve the quality of healthcare certainly depends on moving away from paper-based medicine to information superhighway medicine...
We had no federal protections for health information at all until the Health Insurance Portability and Accountability Act – also known as HIPAA, a different kind of acronym - was enacted under the Clinton Administration. HIPAA provided important protections of patients’ most private information – their medical information. HIPAA provides a baseline, but the business of healthcare is changing fast, and information technology is changing even faster.
Consumers are getting care – and risking their information – in ways that no one could have foreseen a few years ago. And, this Administrations’ indifference toward HIPAA and its enforcement has made even the protections we have utterly inadequate...
HIPAA was designed to have teeth – government monitoring, fines and legal actions against companies that violate the law. But instead of spot checks and audits, HHS waits for a complaint and then investigates. There have been well over, I think, 35,000 complaints at the last count and not a single civil, monetary penalty has been imposed. This is clearly not working...
And with the rapid growth of DNA-bases, databases, and the many uses of generic information on the horizon, we must also ensure that this information is protected to prevent genetic discrimination...discrimination based on genetic information to get a job, to get insurance, could be a devastating blow to so many people if this is left unchecked.
