The Congressional furor over identity theft continues. This time the target is databases that, in the eyes of Sen. Charles Schumer (D-NY), make identity theft way too easy. Schumer showed up yesterday with the addresses and social security numbers of former Attorney General John Ashcroft, former Secretary of Homeland Security Tom Ridge and several executives at Westlaw, the company whose database Schumer used to obtain the information. The Washington Post has a nice write-up. Check out this quote from the article:\n\n\n\n"Westlaw\u2019s service could be entitled \u2019Identity Theft for Dummies,\u2019" Schumer said. "To my mind, what bank robbery was to the Depression era, identity theft is to the information age. Everyone\u2019s susceptible."\n\n\n\nI\u2019m not trying to single out Westlaw, and I don\u2019t think that Schumer was either. There are plenty of information companies out there\u2014Lexis Nexis, for example\u2014and Schumer\u2019s main criticism (that it is too easy for people who don\u2019t have or shouldn\u2019t have a need for this information to get it) and concerns apply to them, too. In fact, the article ends with a more general quote on the overreliance on Social Security numbers and wonders whether these identifiers are part of the problem.\n\n\n\nInstead of in-depth analysis I\u2019m going to leave you with some quick hit thoughts. Companies have databases that track employees\u2019 Social Security numbers, in HR if nowhere else. Are Schumer\u2019s concerns applicable to these databases as well? Obviously there is a difference between a company that sells the records in its database and one that maintains them solely for internal use, but where exactly is the line between the two, particularly in some future legislated environment? \n\n\n\nReading between the lines here, I think that the concerns over database-based identity theft eventually lead to two issues that no one\u2014at least among the majorities of both congress and the business community\u2014really wants to see legislated. One is data security; effective legislation would essentially have to be Sarbanes-Oxley for security, the very thought of which should be enough to make most CIOs think about switching professions. The second is the issue of a federal ID that would in essence replace Social Security as our primary identifier. There\u2019s talk about doing this for government employees now. I looked into this about a year ago and concluded that it would be an enormously complicated endeavor, full of wide-reaching implications that I\u2019m not convinced outweigh the benefits. I\u2019ll post something on it if anyone ever starts talking about a national ID system.