Congress Takes on Data-Broker Security After Experian Hack Exposing 15 Million
Already under fire for the amount of personal information they collect, data brokers are now under scrutiny in Congress for their vulnerability to hackers.
A Senate Judiciary Committee panel on Tuesday considered whether there should be a security standard for data brokers, who sell information to advertisers and marketers as well as political campaigns, financial institutions, non-profits and corporations.
"It is no longer sustainable for data brokers of any size to handle high volumes of sensitive and detailed consumer data in the absence of minimum national data security standards," Pam Dixon, executive director of the World Privacy Forum, told the panel.
The hearing was held after Experian, one of the largest data brokers in the world, disclosed last month that it had been hacked, compromising the personal information of 15 million people.
"In the last few years, we've seen data-breach after data breach," said Sen. Al Franken, D-Minn.
The concern was bipartisan.
"How secure is the data collected by data brokers?" asked Sen. Jeff Flake, R-Ariz., who chaired the hearing.
The only industry representative to testify, Frank Caserta, chief security officer for the Acxiom Corp., said his company does not have "one big database that contains detailed information about all individuals, " but rather "discrete databases" tailored to meet the specific needs of clients.
"At Acxiom, we take data security very seriously," Mr. Caserta said. "We have a longstanding tradition and ingrained culture of protecting and respecting consumer interests in our business."
But efforts at self-regulation aren't satisfying Ms. Dixon, who said the rest of the industry has not followed suit. She joined Justin Harvey, chief security officer at Fidelis Cybersecurity, in urging lawmakers to write security standards into law.
"Set the bar pretty high," Mr. Harvey said.
It's not clear whether Congress will act. But Judiciary Committee member Sen. Richard Blumenthal, D-Conn., promised to re-introduce the Data Broker Accountability and Transparency Act, legislation that would give consumers the right to access and correct information collected by data brokers and opt out of having it sold for marketing purposes.
"We're in an era of bigger and bigger data, which makes the consumer smaller and smaller in the ways it is used," Mr. Blumenthal said.