Legislature(2007 - 2008)HOUSE FINANCE 519
02/19/2008 01:30 PM House FINANCE
| Audio | Topic |
|---|---|
| Start | |
| HB65 | |
| HB193 | |
| HB267 |
* first hearing in first committee of referral
+ teleconferenced
= bill was previously heard/scheduled
+ teleconferenced
= bill was previously heard/scheduled
| + | HB 267 | TELECONFERENCED | |
| + | HB 193 | TELECONFERENCED | |
| += | HJR 2 | TELECONFERENCED | |
| + | TELECONFERENCED | ||
| += | HB 65 | TELECONFERENCED | |
HOUSE BILL NO. 65
"An Act relating to breaches of security involving
personal information, credit report and credit score
security freezes, consumer credit monitoring, credit
accuracy, protection of social security numbers, care
of records, disposal of records, identity theft,
furnishing consumer credit header information, credit
cards, and debit cards, and to the jurisdiction of the
office of administrative hearings; amending Rule 60,
Alaska Rules of Civil Procedure; and providing for an
effective date."
1:41:33 PM
REPRESENTATIVE GARA, SPONSOR, spoke on behalf of himself and
co-sponsor Representative John Coghill and made two
clarifications regarding HB 65 for the record. He began with
AS.45.48.030, Methods of Notice (page 3). When a company
realizes that they have released financial information to
the public, whether by accident or on purpose, this section
requires that the company tell the people affected.
Notification must take place through a letter sent to the
most recent known address. He said one of the companies had
asked if they would have to keep trying to notify a consumer
if the address was wrong. Representative Gara said that
under the standard in the bill, the company has to write
once. They don't have to keep sending the letter.
Representative Gara clarified the second issue, 45.48.410,
Request and Collection (page 17). This section bans a person
or company from selling, trading or making money from Social
Security Numbers (SSN). However, there are situations in
which the bill allows use of SSNs. He said the most
important exception is in 45.48.410(b)(6). A company can
always use an SSN if they are not making money by using it,
if it has no independent value, or if it is part of a larger
transaction such as a credit check or if the SSN is needed
to verify identity for debt collection or to prevent fraud.
1:43:49 PM
Co-Chair Chenault thought a Social Security card was never
intended to be used as identification. Representative Gara
said the sponsors agreed. They did not want companies
demanding that people use their SSN for identification
purposes; however, there is also no ban on it being used as
identification.
Co-Chair Meyer asked if there were amendments to the bill.
Representative Nelson MOVED to RESCIND previous action taken
on Amendment #3, 25-LS0311\K.2, Bannister, 2/07/08 (Copy on
File). There being NO OBJECTION, the action was rescinded.
Representative Nelson read Amendment #3, which deletes "the
disclosure of permanent fund dividend applicant records" and
all references to the same in the bill. She said the
provision was put in by the Judiciary Committee. The battle
to not allow the Dividend Corporation to give out applicant
information was fought for years and won; she did not want
the issue slipped into a bill that is going the other way in
terms of providing information.
AT EASE 1:47:05 PM
RECONVENE 1:51:36 PM
Co-Chair Meyer called for questions on Amendment #3.
Representative Nelson MOVED to ADOPT Amendment #3, 25-
LS0311\K.2, Bannister, 2/07/08 (Copy on File).
Page 1, Line 1, deleting "the disclosure of permanent
fund dividend applicant records,"; Page 2, Line 4
through Page 3, Line 18, deleting all material and then
renumber the following bill sections accordingly: Page
29, Line 17, deleting "sec. 5", inserting "sec. 3";
Page 29, Line 21, deleting "sec. 5", inserting "sec.
3"; Page 29, Line 24, deleting "sec. 5", inserting
"sec. 3"; Page 29, Line 26, deleting "sec. 6",
inserting "sec. 4".
Representative Hawker OBJECTED.
LORI DAVEY, PRESIDENT, MOTZNIK INFORMATION SERVICES, spoke
in opposition to Amendment #3. Her company had access to
Fund Dividend (PFD) information before 2004. She said the
loss of access to PFD information has made it more difficult
for title companies, banks and attorneys to effectively
differentiate people, especially those with the same name.
Motznik is not asking to have the same access to information
as they had before 2004, when anyone could download the PFD
file off the State's website into a database. She said the
amendment introduced into Judiciary gives access only to the
name, mailing address and year of birth, not to SSNs or
information for people under 18 years of age. The
information will be used to effectively differentiate people
and serve due process.
1:54:47 PM
Ms. Davey explained that when Motznik does background
screening for employment or housing, they can get name and
date of birth from a criminal file and other public records.
However, if a person does not vote, own a car, have a
hunting or fishing license or show up anywhere else in the
public record, there is no way to differentiate a person
with a criminal record and no other address information from
someone else with the same name. She does not consider the
PFD information they are asking to be re-disclosed (name,
address and year of birth) to be private information.
Representative Nelson asked how companies in other states
find information when they do not have access to data bases
like the PFD. Ms. Davey assumed in other states companies
had more access to tax records, which are not available in
Alaska.
Representative Crawford referred to a person with his name
and a mix-up that resulted in Representative Crawford's PFD
check being taken away. He understood both the need to have
access to information and to limit it. He wondered how to
keep protecting people if access is re-opened.
1:57:39 PM
Ms. Davey said the information would be managed similar to
how it is managed in the DMV, by limiting the people and
companies who have access to the information. There are
limited reasons why the information can be accessed. A form
must be signed and there must be verification that the
business being done is legitimate. The amendment limits the
access. She described how Motznik's system tracks requests
for information and keeps records indefinitely.
Representative Gara wondered what records would be used in
states that do not have an income tax. Ms. Davey said she
only operates in Alaska and did not know. Representative
Gara wondered if tax records were public in other states.
Representative Gara wondered if the most recent address
information someone could find on someone they were trying
to do harm would be the PFD information. Ms. Davey thought
that potentially DMV would have updated information. There
are other means as well, since voter information is updated
with the PFD. For most people that information is already
available.
2:00:43 PM
Representative Gara voiced concerns about giving out address
information. Ms. Davie answered that in Alaska it is
difficult to do business without access to the PFD
information. Representative Gara reiterated his concerns.
2:02:27 PM
Representative Hawker said he MAINTAINED his OBJECTION.
Representative Thomas asked if the Division of Elections had
the authority to use the PFD to update addresses.
MEGAN FOSTER, STAFF, REPRESENTATIVE LES GARA said that she
believed they did. Representative Hawker had asked the
Division of Revenue (DOR) the same question recently and the
answer was yes. Co-Chair Meyer noted that DOR people present
were nodding their heads.
Representative Thomas pointed out that even if the amendment
were voted down, Elections would still have access to the
addresses.
Representative Nelson said she was happy to be offering the
amendment to delete the provision. She did not want to slip
major changes into other legislation, especially a bill like
HB 65, which tries to limit access to information. She
thought if there were strong support for the provision,
there should be a stand-alone piece of legislation so that
it could be discussed on its own.
2:05:01 PM
A roll call vote was taken on the MOTION to ADOPT Amendment
#3.
IN FAVOR: Nelson, Stoltze, Thomas, Crawford, Gara
OPPOSED: Kelly, Hawker, Chenault, Meyer
Representative Harris was absent from the vote.
The MOTION PASSED (5/4).
Vice-Chair Stoltze asked if Amendment #4, 25-LS0311\K.1,
Bannister, 1/30/08 (Copy on File), which had passed the
previous day, was superfluous. Co-Chair Meyer said yes.
AT EASE 2:06:34 PM
RECONVENE 2:07:16 PM
Co-Chair Meyer referred to new fiscal note for $2 million by
the Department of Administration, new fiscal note by the
Department of Revenue and new indeterminate fiscal note by
the Office of Budget and Management.
Representative Hawker wanted an explanation of the $2
million fiscal note.
2:08:15 PM
KEVIN BROOKS, DEPUTY COMMISSIONER, DEPARTMENT OF
ADMINISTRATION (DOA), gave information regarding the
Department's fiscal note. He explained that since the State
was the victim of a security breach in 2005, DOA had been
requesting funds to strengthen data security. The Department
replaced switches and routers on the network and took other
measures to secure the hardware and infrastructure. The $2
million requested in the fiscal note would pay for
encryption of data so the various state data bases would be
protected in the event of another breach.
Representative Hawker asked what the $1,765.600 under
"equipment" in the fiscal note was for. Mr. Brooks replied
that the budget was for both hardware and software. Software
is included in equipment when the amount needed is large.
Representative Hawker asked for clarification. Mr. Brooks
replied that the $2 million in the FY 09 budget is a
continuation that would complete and implement a double fire
wall to put around all public facing servers. The $2 million
in the capital budget completes the implementation of that
as well as a network admission control. He added that the
detail is in the Capitol budget, but they are separate and
distinct projects. The only similarity is the amount.
2:11:20 PM
Representative Hawker stated that he believed that the
Legislature is only beginning to see the requested funding
to deal with data security in Alaska. He pointed out
previous funding adding up to approximate $16 million listed
on the second page of the fiscal note. He voiced concerns
regarding long term planning.
Mr. Brooks agreed but wanted to list every dime that has
gone into security. He said there is money in the capital
budget for the proposed project and that the Department did
have a five year plan. The encryption budgeted is in that
plan. He emphasized that the encryption needed to be done as
soon as possible; HB 65 points to the urgency to encrypt
data.
2:14:33 PM
Representative Hawker emphasized that he was not arguing the
merits of encryption. He wondered if HB 65 places a burden
of responsibility on the State. Mr. Brooks answered that
from the Department's perspective, the State is treated like
any other keeper of data. The State is not in the business
of making profit from the data but still keeps enormous
amounts of personal data.
Representative Gara clarified that HB 65 did not require
data encryption, although it is a good, safe practice. Mr.
Brooks agreed that HB 65 did not require encryption, but DOA
believes encryption is a prudent thing to do in light of
penalties in place in the bill.
Representative Hawker asked what penalties HB 65 would
impose upon state employees or the State itself. Mr. Brooks
answered that state employees would be covered under a
public officials bond, so there would be no personal
liability. However, the bill has been amended to include
actual economic damages caused in a breach. There are also
costs to notify. He acknowledged positive amendments that
will enable mass notifications, but thought the State had
vulnerabilities that other companies did not have because of
the amount of personal data the State maintains.
2:17:17 PM
Representative Hawker reiterated concerns about the fiscal
note and the enormity of data security issues.
2:18:11 PM
Mr. Brooks agreed that the State will need to be diligent in
security efforts, as the level of sophistication of hackers
is growing.
Co-Chair Meyer pointed out that the new fiscal note by the
Department of Revenue was deleted because Amendment #3 had
passed.
Vice-Chair Stoltze MOVED to report CSHB 65 (FIN) out of
Committee with individual recommendations and with new
fiscal note by the Department of Administration and new
indeterminate note by the Office of Management and Budget.
There being NO OBJECTION, it was so ordered.
CS HB 65 (FIN) was REPORTED out of Committee with "no
recommendation" and with new fiscal note by the Department
of Administration and new indeterminate note by the Office
of Management and Budget.
| Document Name | Date/Time | Subjects |
|---|