"There's no federal legislation on the subject ... It is my conclusion that we do need federal legislation, that there needs to be uniformity," Senate Judiciary Committee Chairman Arlen Specter, R-Pa., said at a hearing where senators grilled top executives of LexisNexis and two other leading data brokers.
Data brokers collect personal information on consumers - from drivers license and Social Security numbers to medical records - and sell it to insurance companies, prospective employers, the IRS, law enforcement agencies and others.
But a string of recent breaches, most prominently at LexisNexis and ChoicePoint Inc., have put the personal information of hundreds of thousands of Americans at risk.
London-based Reed Elsevier, which owns LexisNexis, revealed Tuesday that criminals may have breached computer files containing the personal information of 310,000 people, a tenfold increase over the 32,000 people that the company reported were put at risk in March. The company said the fraud involved the improper use of IDs and passwords belonging to legitimate customers
Kurt Sanford, LexisNexis' president and chief executive for U.S. corporate and federal markets, apologized Wednesday.
"We sincerely regret these incidents and any adverse impact they may have on the individuals whose information may have been accessed," he said.
ChoicePoint disclosed a scam in February that it said involved as many as 145,000 Americans.
Several members of the Senate have introduced legislation, including requirements that consumers be notified when their personal information is breached - a provision now in place only in California.
California's 2003 law brought the ChoicePoint data breach to light.
By Erica Werner