When it comes to the future of electronic commerce, consumer trust and expectations of privacy are the bits and bytes that matter the most.
Even though it serves billions of users worldwide — with e-commerce in the United States topping $200 billion last year for the first time and up 15 percent so far this year — the Internet pretty much remains a work in progress. Still, in just more than 25 years, the Internet already has spurred transformative innovations. It has incalculable value. It has become part of our daily lives. And it has unlimited potential to effect positive social and political change.
But do Americans really believe enough is being done today to protect their online privacy? Are they taking advantage of the many privacy tools currently available to them? And, most importantly, are these privacy safeguards working effectively?
Quantifying what consumers want and expect is where the rubber meets the road in the debate over online privacy. Simply put, e-commerce will cease to grow and flourish if consumers lose faith in their ability to be protected from online predators, jeopardizing future innovation as well as our nation’s economic recovery.
Today, there are ominous signs all around us as Americans find their personal data and privacy under constant assault. As quickly and quietly as a wallet can be stolen by a skilled pickpocket, your personal identity can be hijacked without you knowing it by online hackers and cyber-thieves.
Every year, for millions of Americans, identity theft has become the bogeyman in the closet. It’s a crime that lurks in the shadows and strikes without warning, often leaving its victims trapped in a real-life nightmare where they can spend years trying to recover stolen assets, restore their credit and resume a normal life — if they’re lucky.
According to the Federal Trade Commission, almost 10 million Americans fall victim to identity theft each year. But a recent report — using information from the Identity Theft Resource Center and other sources — paints an even darker picture of this crime, revealing that one in 10 Americans have had their identities stolen at some point in their life.
The toll has been predictable and devastating:
• The cost of identity theft to U.S. businesses is estimated to be more than $50 billion a year.
• Almost 2 million American households a year have their bank accounts, credit cards or debit cards compromised.
• The average amount stolen from each American consumer amounts to almost $5,000, and the out-of-pocket cost for victims to resolve identity theft damage ranges from $850 to almost $1,500.
With cyberattacks clearly on the rise, something needs to be done immediately. In recent months, data breaches at hospitals, insurance companies, universities, banks, airlines and governmental agencies have affected tens of millions of records. And that’s in addition to the massive breaches last year at Sony, Epsilon and Citigroup Inc.
It’s time for Congress to take decisive action. Sophisticated and carefully orchestrated cyberattacks — designed to obtain personal information about consumers, especially when it comes to their credit cards — have become one of the fastest-growing criminal enterprises here in the United States and across the world.
So what’s the answer? Empowering consumers is a good place to start. My legislation, the Secure and Fortify Electronic Data Act, does that by establishing uniform national standards for data security and data breach notification.
The SAFE Data Act (H.R. 2577) builds on legislation passed by the House in 2009 but never acted on in the Senate. Most importantly, it reflects the changing landscape of data breaches and data security since that time and is crafted around a guiding principle: Consumers should be promptly informed if their personal information has been jeopardized.
First, my legislation requires companies and other entities that hold personal information to establish and maintain appropriate security policies to prevent unauthorized acquisition of that data.
Second, it requires prompt notification of consumers after identifying the specific information that was breached, unless it was an innocent or inadvertent breach unlikely to result in harm.
And finally, the SAFE Data Act preempts similar state laws to create uniform national standards for data security and data breach notification. We have learned during our recent hearings that consumer notification is often hampered by the fact that companies must first determine their obligations under a hodgepodge of 47 different state regimes.
With almost 1.5 billion credit cards now in use in the United States — and identity theft affecting as many as 1 in 10 Americans — the SAFE Data Act provides important new safeguards for U.S. consumers. Given the growing importance of e-commerce in almost everything we do, we can no longer afford to sit back and do nothing.
You shouldn’t have to cross your fingers and whisper a prayer when you type in a credit card number on your computer and hit “enter.”
Instead, Congress needs to hit the “refresh key” and pass legislation that will better protect American consumers in the future from online thieves.
Rep. Mary Bono Mack (R-Calif.) is chairwoman of the Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade.