The Patriot-News, Harrisburg, Pa.: It's unfortunate it took the identity theft of some 300,000 consumers to wake up Congress to companies that sell personal data, but better late than never.
In addition to the LexisNexis security breach that allowed the personal information to get into the hands of thieves, another company, ChoicePoint, last year was found to have unwittingly sold data on 145,000 Americans to criminals posing as legitimate companies.
It's troublesome enough that these data information brokers know more about us than we likely know about ourselves. But, with the exception of California, there are no federal or state laws on the books that even require these companies to notify consumers that their personal data is stolen.
Sen. Diane Feinstein, D-Calif., has proposed using California's tough security breach law as a model for federal legislation. Another member of Congress, Rep. Edward J. Markey, D-Mass., wants the Federal Trade Commission to regulate these companies and to also restrict the sale of Social Security numbers.
These seem like good starting points.