We Need Additional Privacy Laws NowWe Need Additional Privacy Laws Now

A few weeks ago, Americans were inundated by letter upon letter from banks, credit-card companies, and other financial institutions explaining their privacy policies. Why? So that these companies could comply with the July 1, 2001, deadline as required by the 1999 Gramm-Leach-Bliley banking deregulation law.

Most people, however, threw these notices in the trash. The material was confusing and often disregarded. But if you didn't take the notice seriously, the company may be free to sell your personal information to anyone willing to buy it.

Put simply, the 1999 law didn't go far enough to protect Americans' personal information. As a result, people are more at risk from identity theft than ever before.

Increasingly, your personal information--such as Social Security number, driver's license, and health and financial data--can be purchased without your knowledge for as little as $35 on the Internet or by pilfering your trash or mail. The FBI estimates that a case of identity theft occurs every two minutes, or roughly 350,000 times each year. Additionally, the Social Security Administration reports that misuse of Social Security numbers has grown 500% in only four years.

Identity piracy can happen to anyone--even a prosecutor. Recently, a Colorado assistant attorney general had no idea that her identity had been stolen until she received a call from Sprint regarding three accounts for cellular phone service she hadn't set up. The thieves stole her Social Security number, birth date, address, and other information to run up $5,086 worth of charges in her name. Like thousands of other victims, she was forced to spend countless hours attempting to restore her good name and credit rating after collection agents didn't believe she was a victim.

Another example of identity piracy was uncovered recently when the U.S. Secret Service busted an identity-theft ring in Orange County, Calif., that used the names of 1,500 people nationwide to steal nearly $2 million.

The loss of privacy, however, has more than an economic cost. People have a right to be left alone and to keep the most intimate details of their lives to themselves. Just think of the serious harm that can be done if one's health status, religious affiliation, or spending habits are cavalierly exposed to the public eye.

We must ask ourselves: Are we doing enough to protect people from this growing crime? After trying to decipher the recent bevy of privacy notices, I would hazard a guess that most Americans would say no.

The problem is that many of the measures pending before Congress today provide only part of the solution. What's needed is a comprehensive level of protection.

I have legislation to do just that, striking a balance between the personal right of privacy and the needs of legitimate commerce. The bill puts strict protections on Americans' most sensitive personal information. The measure also prevents companies from being able to sell Social Security numbers to the general public. And in a major change from current law, this bill requires that a company can sell a person's financial data, health data, or driver's license information only with the individual's explicit permission. The requirement of affirmative consent is also known as "opt-in."

I realize that we live in a high-technology society where, in many cases, information is the currency of commerce. All of us demand the convenience of instant credit and online transactions; if businesses can't share this information, some of these conveniences are put at risk. Therefore, the bill also lets companies sell nonsensitive information such as addresses and phone numbers. But companies must give individuals a reasonable opportunity to withhold this information if they so choose. In other words, individuals can choose to opt out of the transaction.

The bottom line is that the balance between privacy and commerce is sometimes a difficult one. But it can be done. We shouldn't let the status quo remain when it comes to privacy.

I'm struck by a speech that British playwright George Bernard Shaw gave in New York in 1933 in which he said, "An American has no sense of privacy. He does not know what it means. There is no such thing in the country."

Let's prove him wrong. As the use of personal information in our society continues to escalate, we must ensure that our privacy laws keep pace with that growth.

Dianne Feinstein is the senior U.S. senator from California, representing the state since 1992. She's the former mayor of San Francisco and the first woman to sit on the Senate Judiciary Committee, where she wrote the 1994 Assault Weapons Ban and the Gun-Free Schools Act. She also sits on the Senate Energy and Natural Resources, Appropriations, and Rules Committees. To E-mail her, click on "Contact Senator Feinstein" at http://feinstein.senate.gov/email.html.