Statement of U.S. Senator Dianne Feinstein Hearing before the Senate Judiciary Subcommittee on Technology, Terrorism, and Government Information

Statement of U.S. Senator Dianne Feinstein
Hearing before the Senate Judiciary Subcommittee on Technology,Terrorism and Government Information

"Privacy, Identity Theft and Protection of Your Personal
Information in the 21^st Century"

I am pleased to convene this Judiciary subcommittee hearing on privacy and identity theft.

In 1928, Supreme Court Justice Louis Brandeis described privacy as the "right most valued by civilized people," and he defined it simply as the right to be left alone.

With the advent of instant communication, the preservation of this right is now at risk. There are ominous signs that we are losing control over our personal information. Here are just a few examples:

Some websites store and sell data on the most intimate aspects of our personal lives - where we live, the value of our homes, our financial histories, and our medical conditions.

Your Social Security number can be purchased for as little as $25 on the Internet.

One medical information service has - and can distribute at will - databases containing the phone number, gender and address of 368,000 people with clinical depression or 3.3 million people with allergies.
And, according to one privacy advocate, a typical person's name and address are known to 500 companies or more.

So without a doubt, the threats posed by the misuse of personal information are numerous.

First, as the General Accounting Office will report today, identity theft crimes continue to surge. Identity theft occurs when another person literally steals your identity for profit or other illicit motive.

Recently, the Federal Trade Commission reported that identity theft was the largest complaint on the Commission's consumer complaint list last year, representing 42 percent of its 204,000 complaints.

Some privacy groups estimate that as many as 750,000 people a year are victims of the crime.

Second, stalker and others with criminal intent can increase their ability to harm their victims by gaining access to their personal information.

We will hear today from Susan Fisher, whose brother was killed by an ex-girlfriend who stalked him by gaining access to his personal records.

Third, many people simply don't want their personal information - such as the amount of their bank accounts, the type of medications they take, or their home address -- widely shared with the public.

Some have suggested that, in light of the ongoing war on terror, privacy needs to take a back seat to issues of safety and security.

I strongly challenge this view. Protecting basic consumer privacy is compatible with enhanced security. In fact, the goals of privacy and security are often complementary.

The recent acts of terror show how personal information can be misused to advance terrorist or other criminal activities. According to the Social Security Administration, 6 of the 19 hijackers in the September 11^th attack were using Social Security numbers illegally. Moreover, an Al Qaeda associate recently testified that the organization trained its operatives how to obtain stolen licenses, credit cards, and Social Security cards.

It also must be acknowledged that efforts to protect privacy must be balanced with the benefits so many Americans enjoy because of the widespread use of personal information.

Many of us appreciate the ability to get instant credit, locate long-lost college friends, purchase items swiftly on the Internet, or be notified of products that might interest us. Therefore, I believe it is critical that any initiative on privacy strike a proper balance and I have crafted legislation to do just that.

Today's hearing will discuss the need for comprehensive legislation to deter identity theft and protect personal privacy.

I want to take a brief moment to describe the bill, because it sets out where I stand on privacy. The Privacy Act of 2001 creates a two-tiered system of privacy protection that recognizes that not all information is equally sensitive.

For your most sensitive information, the bill requires that companies get YOUR CONSENT BEFORE they sell the data.

For example, under the Privacy Act of 2001, YOU MUST GIVE YOUR CONSENT before a bank can sell information about your account balance, the stocks you own, your spending habits or other financial data.

YOU MUST GIVE YOUR CONSENT before a school, university, life insurer, or any other entity sells or markets your sensitive health information - such as your mental health, disease status or the prescriptions you buy.

YOU MUST GIVE YOUR CONSENT before the sensitive information on your driver's license such as your driver's license number, or your height, weight, sex or birth date can be sold.

The Privacy Act of 2001 will also stop the practice of companies selling Social Security numbers to any member of the public who wants it.

However, to reflect the legitimate needs of business, the Privacy Act of 2001 proposes a lower threshold for the sale of less sensitive information such as a person's name and address.

Under this lower threshold, businesses must give NOTICE of their intent to use this information. After giving notice, the business can sell this less sensitive data unless an individual tells them not to do so.

Senator Judd Gregg will testify in the first panel on the privacy of Social Security numbers.

In the second panel, the GAO will give preliminary results of its year-long study of identity theft.

Susan Fisher of the Doris Tate Crime Victims Bureau;

Frank Torres of Consumers Union;

Doug Comer of Intel; and

John Avila of Disney Corporation.

I would now yield to Senator Kyl, the Ranking Member of the Committee, for any opening remarks he may have.