EPIC Testimony

• Background |
• EPIC Testimony

Background

EPIC routinely testifies before lawmakers concerning emerging privacy issues. EPIC does not lobby. We are invited to testify by Congress and state legislatures based on our expertise and history of promoting strong, enforceable privacy safeguards.

EPIC Testimony

• EPIC on Libra: "Facebook Clearly Cannot be Trusted With Consumers' Financial Data": In advance of Congressional hearings on Facebook's plan to launch its own cryptocurrency called Libra, EPIC has sent statements to Senate and House Committees stating that "Facebook clearly cannot be trusted with consumers' financial data." EPIC noted Facebook's history of misrepresentations to regulators, highlighting the promises Facebook made when the company acquired WhatsApp regarding user privacy — promises Facebook has since broken. EPIC also discussed the Cambridge Analytica scandal and outlined Facebook's long history of failing to protect user data. As reported, a pending settlement with Facebook would not address proposals made by EPIC and others to strengthen Facebook's protection of user data. EPIC urged Congress to block Facebook's entry into cryptocurrency. (Jul. 15, 2019)
• Equifax Breach "Entirely Preventable": House Oversight Committee: In a report released today, the House Committee on Oversight declared that the Equifax breach, which affected 148 million U.S. consumers, was "entirely preventable." The breach, one of the largest in U.S. history, compromised the authenticating details, including dates of birth and social security numbers, of more than half of American consumers. The House report concluded that Equifax "failed to fully appreciate and mitigate" the cybersecurity risks and placed corporate growth over data security. Despite several agencies, such as the CFPB and the FTC, pledging to take action against Equifax, none have done so. The House Committee recommended that Equifax "provide more transparency to consumers" about data use and security practices and reduce the use of social security numbers as identifiers, longstanding priorities of EPIC. Following the Equifax data breach in 2017, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft. (Dec. 10, 2018)
• EPIC To Congress: Urge Social Media Platforms to be Transparent about Russia Hacking: In advance of a hearing on "Foreign Influence Operations' Use of Social Media Platforms," EPIC has sent a statement to the Senate Select Committee on Intelligence. EPIC said that the American public must be given more information about the extent of Russian interference in the 2016 election. EPIC asked the Senate Committee to press the social media companies to be more transparent about the manipulation of news and information. EPIC sent similar requests this year to both the Senate and House Intelligence Committees. EPIC also pursued an important FOIA case, EPIC v. ODNI, to make public the Intelligence Committee Assessment on Russian interference. (Sep. 5, 2018)
• For Internet Policy, EPIC Urges Congress to Update U.S. Privacy Laws: In advance of a hearing on "The Internet and Digital Communications: Examining the Impact of Global Internet Governance," EPIC urged the Senate Commerce Committee to prioritize updating U.S. privacy law to respond to changes in technology. "The failure of the United States to address the growing concerns about online privacy is threatening both the digital economy and democratic institutions," EPIC stated. EPIC explained that privacy protection is necessary to ensure the free flow of information online. EPIC again warned Congress that Europe may suspend the Privacy Shield, a framework that permits the flow of European consumers' personal data to the U.S, if the United States does not modernize privacy law and establish a federal data protection agency. (Jul. 30, 2018)
• EPIC Advises Congress to Protect Consumer Call Records: In advance of the hearing "Protecting Customer Proprietary Network Information in the Internet Age," EPIC urged Congress to protect the privacy of users of third-party apps, such as WhatsApp and Google Voice. The Telecommunications Act of 1996 protects the privacy of "CPNI" — phone numbers dialed, date and time of calls — but this safeguard does not cover internet-based calls. EPIC told Congress that CPNI privacy rules should apply to both telecommunications companies and Internet firms. In 2005, EPIC filed the original FCC petition to extend CPNI privacy protections. EPIC also proposed uniform privacy standards for telecommunications firms and information service providers in the 2016 FCC Privacy Order. (Jul. 10, 2018)
• EPIC, Scientific Societies Call for Public Input on U.S. Artificial Intelligence Policy: In a petition to the Office of Science and Technology Policy, EPIC, leading scientific organizations, including AAAS, ACM and IEEE, and nearly 100 experts urged the White House to solicit public comments on artificial intelligence policy. The Open AI Policy petition follows a White House summit on "AI and American Industry" that was closed to the public and ignored issues such as privacy, accountability, and fairness. EPIC has filed a Freedom of Information Act request seeking records about the establishment of the Select Committee. In advance of a recent hearing on Artificial Intelligence, EPIC also told the House Science Committee that Congress must implement oversight mechanisms for the use of AI by federal agencies. In 2014, EPIC led a similar petition drive for a White House initiative on Big Data. (Jul. 3, 2018)
• At Senate Hearing, Former FTC CTO States That Facebook Violated FTC Consent Order: In a Senate Commerce Committee hearing today on Facebook and data privacy, former FTC CTO Ashkan Soltani stated that Facebook violated the 2011 FTC Consent Order by transferring personal data to Cambridge Analytica and device makers contrary to user privacy expectations. Soltani said that Facebook continued to misrepresent the extent to which users could control their privacy settings and allowed device makers to override users' privacy settings. Senator Blumenthal and other members of Congress had previously said the company violated the Consent Order, which was the result of complaints filed by EPIC in 2009 and 2010. In a statement to the Committee in advance of the hearing, EPIC urged the Senate to focus on the FTC's failure to enforce the Consent Order with Facebook. (Jun. 19, 2018)
• EPIC Urges Congress to Regulate the Internet of Things: In advance of a hearing on the Internet of Things (IoT), EPIC wrote to Congress on the need for privacy and security regulations for IoT consumer products. EPIC explained that regulation is necessary "because neither the manufacturers nor the owners of those devices have incentive to fix weak security." EPIC has called upon the Consumer Product Safety Commission to regulate IoT products, saying that the privacy and security of IoT devices, such as Internet-connected door locks and thermostats, are critical concerns for American consumers. Last week, EPIC testified before the Safety Commission on IoT hazards and promoted baseline standards to protect consumer safety. EPIC previously testified before Congress on the "Internet of Cars." (May. 22, 2018)
• EPIC Testifies Before Safety Commission on IoT Privacy Hazards: EPIC testified before the Consumer Product Safety Commission at the hearing on "The Internet of Things and Consumer Product Hazards." EPIC International Law Counsel Sunny Kang urged the Commission to focus on privacy and security. EPIC's Kang told the Commission that "IoT is the weakest link to privacy and security vulnerabilities in consumer products." EPIC recommended baseline rules for IoT device manufacturers adopted by the UK government in a recent report on privacy and security for IoT devices. EPIC and a coalition of consumer groups previously urged the Commission to recall the Google Home Mini device which was designed to always record conversations. (May. 17, 2018)
• In Congressional Testimony, EPIC Calls For Privacy Safeguards for Social Security Number: EPIC Consumer Privacy Counsel Sam Lester testified before the House Ways and Means Committee at a hearing on "Securing Americans' Identities: The Future of the Social Security Number." EPIC's Lester emphasized that "the SSN was never meant to be an all-purpose identifier," and its widespread use has contributed to the epidemic of data breaches, identity theft and financial fraud. Lester called on Congress to prohibit the use of the SSN in the private sector without explicit legal authorization. Lester also warned Congress against creating a national biometric identifier that would raise serious privacy and civil liberties risks. EPIC frequently testifies before Congress. EPIC President Marc Rotenberg recently testified before the Senate Banking Committee and the House Financial Services Committee on the need to update U.S. privacy law. EPIC also maintains an archive of information about the SSN online. (May. 17, 2018)
• EPIC To Senate Judiciary: Privacy Is Integral to Democracy: In advance of a hearing on Cambridge Analytica and the Future of Data Privacy, EPIC has sent a statement to the Seante Judiciary Committee. EPIC said that "It has become increasingly clear that even as we are asked to give up our privacy, companies have become ever more secretive about how they profile and target voters." In 2014, EPIC challenged Facebook's manipulation of users' News Feeds for psychological research. "If Facebook used data manipulation to shape users' emotions, it can use data manipulation to shape voters' practices," EPIC told the Committee. (May. 15, 2018)
• Senators Introduce Bill to Limit Device Searches at the Border: Senators Patrick Leahy (D-VT) and Steve Daines (R-MT) have introduced a bill that would place restrictions on searches and seizures of electronic devices at the border. The bill sets out detailed procedures for seizing electronic devices, including a warrant requirement prior to inspection of the device, data minimization, and exclusion of evidence that is obtained in violation of the Act. The bill also establishes reporting requirements to determine the scope and frequency of device searches. Senator Leahy stated that "no American should have to relinquish all of their privacy rights to their cell phones, laptops and other electronic devices, simply because they are coming home from a trip abroad." The bill would also require a warrant to use software to analyze seized electronic devices. In a statement to Congress last year, EPIC warned that enhanced surveillance at the border will impact citizens' rights. (Mar. 5, 2018)
• SEC Issues Guidance on Cybersecurity Disclosures: The Securities and Exchange Commission has released guidance for cybersecurity risks and incidents. The SEC stated that "in light of the increasing significance of cybersecurity incidents," it is "critical" for companies to routinely report cybersecurity threats. The Commission also emphasized that corporate officers must not trade on nonpublic information. Equifax waited six weeks to notify the public of its data breach, and its executives were accused of insider trading after it was revealed that they sold Equifax stock prior to informing the public of the breach. EPIC has long advocated for mandatory breach notification. EPIC President Marc Rotenberg recently testified on data security and breach notification before the House and Senate, explaining that companies' failure to protect data threatens not only consumers but also national security. (Mar. 5, 2018)
• Rep. Lieu Introduces Two Consumer Data Protection Bills: Today Rep. Lieu (D-CA) introduced two bills to safeguard consumer data: the "Protecting Consumer Information Act of 2018" and the "Ending Forced Arbitration for Victims of Data Breaches Act." The first bill will expand the Federal Trade Commission's enforcement authority over credit reporting agencies, while allowing state attorneys general to also bring enforcement actions. The second bill will prohibit entities from enforcing mandatory arbitrary clauses—which prohibit consumers from filing lawsuits—in data breach cases. In a press release announcing the legislation, Rep. Lieu said, "these bills forge a path forward that can both prevent future breaches and ensure victims can seek due process when they occur." Rep. Lieu's announcement came the same day that Equifax disclosed an addition 2.4 million people were impacted by last year's data breach, bringing the total to approximately 148 million people. EPIC President Marc Rotenberg recently testified before Congress to call for comprehensive privacy legislation and the creation of a federal data protection agency. (Mar. 1, 2018)
• House Draft Data Security Bill Preempts Stronger State Safeguards: Rep. Luetkemeyer (R-MO) and Rep. Maloney (D-NY) circulated a draft bill, the "Data Acquisition and Technology Accountability and Security Act," that would set federal requirements for companies collecting personal data and require prompt breach notification. The Federal Trade Commission, which has often failed to pursue important data breach cases, and state Attorneys General would both be responsible for enforcing the law. The law would only trigger liability if the personal data breached is "reasonably likely to result in identity theft, fraud, or economic loss" and would preempt stronger state data breach laws. Earlier this week, EPIC President Marc Rotenberg testified before the House, calling for comprehensive data privacy legislation that would preserve stronger state laws. Last fall, EPIC testified at a Senate hearing on the Equifax breach, calling it one of the worst in U.S. history. (Feb. 16, 2018)
• In Congressional Testimony, EPIC to Call For Comprehensive Privacy Law, New Privacy Agency: EPIC President Marc Rotenberg will testify before the House Financial Services Committee this week. Rotenberg will say that "Data breaches pose enormous challenges to the security of American families, as well as our country's national security." EPIC will call for comprehensive data protection legislation and the creation of a federal data protection agency. EPIC also challenged the decision of the CFPB Director to drop the investigation into the Equifax data breach. EPIC has repeatedly urged Congress to address the data protection crisis in the United States, warning that it endangers national security and international trade. Last year EPIC testified before the Senate in the wake of the Equifax breach, emphasizing the growing risks to American consumers. (Feb. 12, 2018)
• Senators Warren and Warner Introduce Bill To Hold Credit Reporting Agencies Accountable : Senators Elizabeth Warren (D-MA) and Mark Warner (D-VA) have introduced legislation to hold credit reporting agencies accountable for data breaches. The Data Breach Prevention and Compensation Act establishes an office of cybersecurity within the FTC to give it direct supervisory authority over the credit reporting industry and imposes mandatory penalties for breaches involving consumer data at credit reporting agencies. The bill is a direct response to the Equifax data breach last year that exposed the sensitive personal information of over 145 million Americans. "Senator Warner and Senator Warren have proposed a concrete response to a serious problem facing American consumers," said EPIC President, Marc Rotenberg. EPIC testified before Congress last year following the Equifax breach, urging legislation to give consumers more control over their credit reports. Senators Warren and Brian Schatz (D-HI) also introduced a bill last year that would allow consumers to freeze and unfreeze their credit reports for free. (Jan. 10, 2018)
• EPIC Urges Congress to Regulate AI Techniques, Promotes 'Algorithmic Transparency': In advance of a hearing on "Digital Decision-Making: The Building Blocks of Machine Learning and Artificial Intelligence," EPIC warned a Senate committee that many organizations now make decisions based on opaque techniques they don't understand. EPIC told Congress that algorithmic transparency is critical for democratic accountability. In 2015, EPIC launched an international a campaign in support of Algorithmic Transparency. At a speech to UNESCO in 2015, EPIC President Marc Rotenberg called knowledge of the algorithm "a fundamental human right." Earlier this year, EPIC filed a complaint with the FTC that challenged the secret scoring of athletes by Universal Tennis. EPIC said to the FTC that it "seeks to ensure that all rating systems concerning individuals are open, transparent and accountable." (Dec. 12, 2017)
• Equifax, Yahoo Testify Before Senate on Data Breaches: The Senate Commerce Committee heard testimony this week from Equifax, Yahoo, and Verizon executives in a hearing on "Protecting Consumers in the Era of Major Data Breaches." A witness for a company selling identification systems recommended an "identity framework," with fingerprints and facial recognition to replace the Social Security Number. EPIC President Marc Rotenberg recently warned against replacing the SSN with a national biometric identifier in testimony before the Senate Banking Committee. Rotenberg has detailed how the credit reporting industry is broken and the steps Congress should take to give consumers greater control over their personal data. EPIC has urged the Senate Judiciary Committee, the House Financial Services Committee, and the House Energy Committee to establish new safeguards for consumers following the Equifax data breach. (Nov. 9, 2017)
• In Senate Testimony, EPIC Calls for Reform of Credit Reporting Industry: EPIC's President Marc Rotenberg will testify this week before the Senate Banking Committee on reform of the credit reporting industry following the Equifax breach. The hearing, "Consumer Data Security and the Credit Bureaus," follows several Congressional hearings with Equifax CEO Richard Smith. Rotenberg will emphasize the need to limit the use of the Social Security number in the private sector and to give consumers control over their personal data. EPIC will recommend a national credit "freeze" and free life-term credit monitoring services for all U.S. consumers. Rotenberg detailed how the credit reporting industry is broken in a recent article in the Harvard Business Review. He also warned that the failure to update U.S. privacy law has placed the digital economy at risk and may lead to the suspension of trans-border data flows. EPIC has previously testified before the House and Senate on the need for Congress to address data breach and identity theft. (Oct. 16, 2017)
• EPIC's Rotenberg to Testify in Senate on Equifax Breach: The Senate Banking Committee has asked EPIC President Marc Rotenberg to testify before the Committee on Tuesday, October 17, 2017 regarding the Equifax data breach. The Senate hearing will explore "Consumer Data Security and the Credit Bureaus." In the Harvard Business Review, Rotenberg recently urged comprehensive reform of the credit reporting industry. The Senate hearing follows a recent hearing on the "Equifax Cybersecurity Breach" with former Equifax CEO Richard Smith. (Oct. 12, 2017)
• EPIC Urges House to Strengthen US Privacy Laws for Cross Border Data Flows: EPIC sent a letter to a House committee on Digital Commerce and Consumer Protection for the hearing "21st Century Trade Barriers: Protectionist Cross Border Data Flow Policy's Impact on U.S. Jobs." EPIC explained that foreign governments are reluctant to permit the transfer of the personal data of their citizens to the U.S. due to the U.S.'s lax privacy laws. EPIC recommended Congress take four steps to update U.S. privacy law: (1) enact the Consumer Privacy Bill of Rights, (2) modernize the Privacy Act, (3) establish an independent data protection agency, and (4) ratify the International Privacy Convention. EPIC also noted that the Schrems II decision calls into question the viability of "Privacy Shield," the current data transfer scheme between the US and EU. (Oct. 12, 2017)
• No Plans to Target Dreamers Using DACA Data: A Department of Homeland Security official told the Senate Judiciary Committee today that the agency has no "plans to target any Dreamers based on any information [they] have received." James McCament Acting Director of Immigration Services said that DHS will adhere to the 2012 Privacy Impact Assessment, which limits the use of personal data obtained from DACA applicants. EPIC earlier recommended that DHS comply with the Privacy Impact Assessment and the federal Privacy Act. (Oct. 4, 2017)
• EPIC Urges Congress To Hold Equifax Accountable, Update Data Protection Law: EPIC has sent statements to Congress ahead of hearings in the House and Senate on the Equifax data breach. EPIC underscored the risk to American consumers of data breaches which are increasingly severe. EPIC urged Congress to require prompt data breach notification, data minimization, and privacy enhancing techniques. In 2011 EPIC testified in the House and Senate on data breaches in the financial services sector. EPIC President Marc Rotenberg recently outlined in the Harvard Business Review steps Congress should now take to protect American consumers. (Oct. 3, 2017)
• EPIC Asks Senate to Enforce Privacy Safeguards for "Dreamers": EPIC warned the Senate Judiciary Committee that 800,000 DACA applicants face privacy risks as a result of the decision to end the Deferred Action for Childhood Arrivals. According to EPIC, the Department of Homeland Security has failed to ensure that DACA applicant's information will be used exclusively for the purpose it was disclosed, as set out in the 2012 privacy impact assessment. EPIC urged the Committee to uphold Privacy Act safeguards for DACA applicants. (Oct. 3, 2017)
• EPIC Urges Senate to Block Biometric Collection At US Airports: EPIC has sent a statement to the Senate Commerce Committee following a hearing on the Transportation Security Administration. EPIC urged the Committee to limit the collection of biometric data at US airports. EPIC described the growing and regulated use of biometrics in US airports, often targeting US citizens. EPIC previous pursued a significant lawsuit against the TSA to limit the use of body scanners. EPIC is currently seeking records from Customs and Border Protection concerning the agency's use of facial recognition for a biometric entry/exit program at airports. EPIC has also objected to a proposal to increase the collection of biometric data for the TSA Pre-Check program. (Sep. 28, 2017)
• EPIC Backs Commission on Evidence-Based Policymaking, Urges Congress to Take Steps to Preserve Privacy: In a statement to Congress, EPIC expressed support for the findings of the Commission on Evidence-Based Policymaking. Congress established the Commission to study how data across the federal government could be combined to improve public policy while protecting privacy. The Commission's report recommends new privacy safeguards and encourages broader use of statistical data. EPIC submitted comments to the Commission urging the adoption of Privacy Enhancing Techniques that minimize or eliminate the collection of personal data. Several of EPIC's recommendations were incorporated in the Commission report. A report from the National Academies of Science earlier this year examined federal data sources and privacy. (Sep. 26, 2017)
• Senators Introduce Data Breach Legislation In The Wake Of Equifax Breach: Senator Markey (D-MA) and several other Senators have introduced legislation that would provide consumers with more control over their personal data. The Data Broker Accountability and Transparency Act would allow consumers to access and correct their personal data and stop data brokers from using, disclosing, or selling their information for marketing purposes. The bill also requires data brokers to develop comprehensive privacy and data security measures and provide "reasonable notice" in the event of a breach. For years, EPIC has supported stronger data breach notification laws, and EPIC has testified before the Senate and House in support of a federal law. EPIC supports consumer control over personal data, and EPIC recommends mandatory breach notification procedures to ensure the consumers are aware when their personal data is wrongly obtained by others. Additionally, last year EPIC created http://www.dataprotection2016.org/ to promote the adoption of stronger privacy safeguards in the U.S. (Sep. 15, 2017)
• NHTSA Revised Automated Vehicle Policy Lacks Privacy Safeguards, Senate Considers Draft Bill: The National Highway Traffic Safety Administration released revised guidance for automated vehicles. The modified guidance encourages manufacturers to develop best practices to minimize cybersecurity risks. However, the NHTSA guidance lacks mandatory standards and fails to safeguard privacy stating that the Federal Trade Commission is responsible for consumer privacy. Previous NHTSA guidance established privacy standards and required developers to minimize data collection. The Senate Commerce Committee is now considering the "AV START Act" concerning automated vehicles. The draft bill proposes voluntary cybersecurity and also lacks consumer privacy standards. Today the NSTB also released findings that Tesla's autopilot feature contributed to a highway fatality earlier this year. EPIC has long advocated for privacy and cybersecurity safeguards to be a central component of automated vehicle development. (Sep. 12, 2017)
• EPIC Urges Senate To Establish Data Protection Standards For Financial Technologies: In advance of a hearing on financial technology, EPIC recommended that the Senate Committee establish privacy standards for financial companies that use social media and secret algorithms to make determinations about consumers. In light of the recent Equifax breach, EPIC proposed that the Committee make privacy and security its top priorities. Earlier this year, EPIC submitted a similar statement to the House Committee on Energy and Commerce. EPIC also recently filed a complaint with the CFPB regarding "starter interrupt devices" deployed by auto lenders to remotely disable cars when individuals are late on their payments. Testimony of Professor Frank Pasquale on "Exploring the Fintech Landscape." (Sep. 11, 2017)
• Federal Commission Backs Evidence-Based Policies, Strong Privacy Safeguards: The Commission on Evidence-Based Policymaking, which was tasked with studying whether and how data across the federal government could be combined for policy research while protecting privacy, has issued its final report. The Commission backs evidence-based policy, recommends new privacy safeguards including Privacy Enhancing Techniques, encourage broader use of statistical data, and recommends the creation of a National Secure Data Service. In testimony before the Commission, EPIC President Marc Rotenberg promoted both innovative privacy safeguards and well informed public policy. EPIC also filed comments with the Commission urging adoption of Privacy Enhancing Techniques, such as anonymization, that minimize or eliminate the collection of personal data. The National Academies of Sciences released a report earlier this year that examined how disparate federal data sources can be used for policy research while protecting privacy. (Sep. 7, 2017)
• Houses Automated Vehicle Bill Lacks Privacy Standards, Would Preempt State Safeguards: The House of Representatives has passed the "SELF DRIVE Act" to encourage the deployment of "automated vehicles" in the United States. Responding to widespread privacy concerns, the bill requires manufacturers to create "privacy plans" and asks the FTC to prepare a privacy study on the automated vehicle industry. The bill supports the development of "Privacy Enhancing Techniques," such as anonymization. But the SELF DRIVE Act lacks essential privacy and safety standards and would preempt stronger state laws. EPIC has repeatedly urged Congress and federal agencies to establish strong public safety standards for automated vehicles. EPIC also backs state efforts to develop privacy and safety safeguards. (Sep. 7, 2017)
• Medicare to Remove SSN from ID Cards: Earlier this year, the Center Medicare Services announced that the Social Security Number would be removed from the Medicare benefits card. Senators Susan Collins and Claire McCaskill led the effort in the Senate to remove the SSN, which contributed to identity theft and often targeted seniors. EPIC testified before their Senate Committee in 2015 on "Protecting Seniors from Identity Theft: Is the Federal Government Doing Enough?" EPIC explained that "there is no other form of individual identification that plays a more significant role in record-linkage and no other form of personal identification that poses a greater risk to personal privacy." Since its founding, EPIC has sought to limit the use of the Social Security Number on identification documents. (Sep. 5, 2017)
• Trump Nominee to Head Privacy Board Favors Warrantless Surveillance: Donald Trump has nominated Adam Klein to head the Privacy & Civil Liberties Oversight Board (PCLOB). Klein, a senior fellow at the Center for a New American Security, recently testified that Congress should not require agencies to obtain a court order to query data collected under Section 702 of the Foreign Intelligence Surveillance Act, facilitating warrantless surveillance. As Judge Patricia Wald recently stated in remarks at the EPIC Champions of Freedom Dinner, "an agency dedicated to protecting privacy and civil liberties inside the intelligence community with access to classified material is a uniquely valuable asset in the ever difficult search for the right balance between national security and democratic values." EPIC recently urged the Senate Judiciary Committee to restore PCLOB to full strength. (Aug. 31, 2017)
• House Releases Text of Automated Vehicle Bill, Preempts State Action: The House Committee on Energy & Commerce recently approved text for a bill on automated vehicles. The bill prevents the states from issuing any rule or regulation that is not identical to a Federal Motor Vehicle Safety Standard, preventing states from issuing their own safety and privacy regulations to safeguard consumers. The bill also calls for automated vehicle manufacturers to have cybersecurity and privacy plans, however it does not address who owns the data collected by automated vehicles or how consumers can access or delete their data. EPIC has opposed federal preemption for automated vehicle regulation and has repeatedly urged federal agencies and Congress to allow states to craft their own privacy and security regulations to protect public safety. EPIC has also recommended that consumers control the personal information that is created and stored by the vehicles they operate, rent, and own. (Aug. 10, 2017)
• EPIC Tells House Committee to Ensure Telemarketing Rules Protect Consumers: EPIC has sent a statement to the House Judiciary Committee in advance of the hearing on "Lawsuit Abuse and the Telephone Consumer Protection Act." The telemarketing law bars telemarketers and robocallers from contacting consumers by phone fax, or text without prior consent. EPIC acknowledged that class action settlements often fail to provide direct financial benefits to consumers, but explained that "TCPA cases are among the most effective privacy class actions because they typically require companies to change their business practices to comply with the law." Last year, EPIC filed an amicus brief in support of TCPA protections for consumers. EPIC has also testified before Congress about the telemarketing law and submitted many comments concerning its implementation. (Jun. 12, 2017)
• EPIC Urges Senate Committee to Investigate Russian Interference with US Election: EPIC has sent a letter to the Senate Judiciary Committee for a hearing on "The Modus Operandi and Toolbox of Russia and Other Autocracies for Undermining Democracies Throughout the World." EPIC described two of its Freedom of Information Act cases against the FBI and the ODNI to obtain records about activities aimed at undermining democratic institutions, as well as a pending FOIA request regarding the "wiretapping of Trump Tower." EPIC explained that upcoming federal elections in Europe underscore the need to assess the threat to democratic elections. EPIC told the Committee the "need to understand Russian efforts to influence democratic elections cannot be overstated." (Mar. 15, 2017)
• EPIC Urges House Committee to Protect Democratic Institutions: EPIC has asked the House Committee on Foreign Affairs to examine the risk to democratic institutions of cyber attack. EPIC described two recent Freedom of Information Act cases against the FBI and the ODNI to obtain records about the Russian interference with the 2016 US Presidential election. EPIC pointed to the upcoming federal elections in Europe and the need to safeguard democratic elections. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which focuses on US cyber policies, threats to election systems, and foreign attempts to influence American policymaking. (Mar. 9, 2017)
• EPIC to Senate: Back FCC Broadband Privacy Rule, End FCC Bulk Data Collection: EPIC has sent a letter to the Senate Commerce Committee ahead of an FCC oversight hearing. EPIC urged the Committee to examine the FCC's role in online privacy. EPIC supports the FCC's broadband privacy rule. In fact, EPIC had urged the FCC to adopt a comprehensive privacy rule for all communications services, as suggested by FCC Chairman Pai. EPIC also brought to the Committee's attention an outdated FCC regulation that requires the bulk collection of telephone data of American consumers. In 2015, EPIC and many consumer privacy groups petitioned the FCC to repeal, but the Commission has yet to take any action. In the letter to the Senate, EPIC said the FCC should withdraw the anti-privacy, data retention regulation. (Mar. 7, 2017)
• EPIC to Congress: Examine TSA Secrecy: EPIC has sent a letter to the House Committee on Oversight for a hearing on the Transportation Security Administration. EPIC has objected to the TSA's refusal to release information designated as "sensitive security information" that is pertinent to EPIC's ongoing case against TSA regarding airport body scanners. EPIC said that "seeking to hide its decision making behind this cloak of secrecy." The House Committee has also criticized the agency's use of the SSI designation. EPIC also raised concerns about the eye scanning of US travelers at US airports as well as the TSA's statement that they will no longer accept drivers licenses from states that oppose "REAL ID". (Mar. 2, 2017)
• EPIC Urges Senate Committee to Protect Consumers, Democratic Institutions With Strong Cyber Policies: In advance of a hearing on "Cyber Strategy and Policy," EPIC has sent a letter to the Senate Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project that will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Mar. 2, 2017)
• EPIC Urges House Committee To Ensure Transparency, Public Reporting in Surveillance Law: In advance of a hearing on Section 702 of the Foreign Intelligence Surveillance Act, EPIC has sent a letter to the House Judiciary Committee urging increased transparency and new public reporting of the Government's surveillance activities. EPIC also highlighted that Section 702 is the central focus of multiple current legal challenges to international data transfer agreements occurring abroad. Section 702, which authorizes the bulk surveillance on the communications of non-U.S. persons, sunsets on December 31, 2017. EPIC testified before the Committee during the 2012 FISA reauthorization hearings. (Mar. 1, 2017)
• EPIC Urges House Committee to Protect Consumers, Democratic Institutions with Strong Cyber Security Measures: In advance of a hearing on "Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities," EPIC has sent a letter to the House Armed Services Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. EPIC recently launched the EPIC Cybersecurity and Democracy Project, which will focus on US cyber policies, threats to election systems and foreign attempts to influence American policymaking. (Feb. 28, 2017)
• EPIC Tells Senate Committee that Transparency is Critical for Next Director of National Intelligence: EPIC has sent a statement to the Senate Select Committee on Intelligence outlining the key government transparency and cybersecurity challenges the next Director of National Intelligence will confront. The Committee meets today to consider the nomination of Sen. Dan Coats for the position. EPIC commended former Director Clapper's progress on oversight and transparency and urged the Committee to seek assurance from Sen. Coats that his office will continue that work. EPIC also warned that over classification remains an issue that frustrates government accountability. EPIC informed the Committee that EPIC has filed suit against the ODNI for public release of the Complete Assessment of the Russian interference in the 2016 election. In the unclassified report, former Director Clapper said that the Russians conducted a "multi-faceted" attack on the 2016 election. (Feb. 28, 2017)
• EPIC Urges Congress to Protect Consumers, Democratic Institutions with Strong Cyber Security Measures: In advance of a hearing on "Strengthening U.S. Cybersecurity Capabilities," EPIC has sent a letter to the House Science Committee urging Congress to protect democratic institutions, following the Russian interference with the 2016 presidential election. EPIC explained that "data protection and privacy should remain a central focus" of cyber security policy. EPIC also recommended that Congress strengthen the federal Privacy Act and establish a U.S. data protection agency. (Feb. 13, 2017)
• EPIC Urges Senate Committee to Ensure UN Ambassador Supports International Privacy Convention: EPIC has sent a statement to the Senate Foreign Relations Committee urging that the next UN Ambassador to advocate for human rights, particularly the right to privacy and the right to freedom of expression as set out in the Universal Declaration of Human Rights. EPIC also wrote that the UN Ambassador should support US ratification of the Council of Europe Privacy Convention, which is critical to the continued flow of personal data around the world. EPIC and consumer organizations have called on the United States to ratify the Privacy Convention. Next week, many countries around the world will recognize January 28, International Privacy Day, which celebrates the International Privacy Convention. (Jan. 18, 2017)
• EPIC Urges Senate Committee to Examine CIA Nominee's Positions on Surveillance: EPIC has sent a statement to the Senate Select Committee on Intelligence highlighting CIA Director nominee Mike Pompeo's troubling positions on privacy and surveillance. In a January 2016 op-ed, Mr. Pompeo wrote that "Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed." EPIC warned the Committee that the CIA Director must not "turn the enormous surveillance powers of the agency against the American people." The CIA has a long history of unlawful surveillance. A recent Freedom of Information Act case pursued by an EPIC revealed the CIA spied on staff members of the US Senate. (Jan. 17, 2017)
• EPIC Warns Boston City Council of Risks of Body Cameras: EPIC submitted a statement for the record today for the Boston City Council hearing on mandating body cameras for the Boston Police. EPIC opposes the use of "police cams" and warned the city council that body cameras could "become the next surveillance technology disproportionately aimed at the most marginalized members of society." EPIC also pointed to the potential liability for cities if harmful images are posted online. EPIC explained that there are "more productive means to achieve police accountability that do not carry the risk of increasing surveillance." EPIC stressed that if body cameras are deployed, police departments must comply with all privacy and open government laws. (Aug. 5, 2015)
• House Renews Foreign Intelligence Surveillance Powers: The House has voted to reauthorize the FISA Amendments Act (301-118). The Act authorizes programs of surveillance intended to target foreign agents, but allows collection of private communications of United States citizens without individualized suspicion. In May 2012, EPIC Executive Director Marc Rotenberg testified before the House Judiciary Committee on the legislation and recommended new oversight procedures. The Senate has yet to consider the measure. Senator Ron Wyden (D-OR) and others have expressed concern about renewal of the Act. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Clapper v. Amnesty International USA. (Sep. 12, 2012)
• New CRS Report Finds Few Protections For Drone Surveillance: "Drones in Domestic Surveillance Operations," a new report from the the Congressional Research Service, examines current law, the Fourth Amendment, and recently introduced legislation. The CRS finds that "the prospect of drone use inside the United States raises far-reaching issues concerning the extent of government surveillance authority, the value of privacy in the digital age, and the role of Congress in reconciling these issues." In testimony before a House Subcommittee earlier this year, EPIC's Amie Stepanovich stated, "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies that need to be addressed." EPIC recommended that the FAA develop privacy rules, that DHS conduct a privacy assessment, and that Congress establish new privacy safeguards. EPIC, joined by over 100 organizations, experts, and members of the public, has also petitioned the FAA to begin a rulemaking on the privacy impact of drone use. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Sep. 7, 2012)
• EPIC Asks Congress to Adopt Privacy Safeguards for Drones: Today's House Homeland Security Oversight Subcommittee hearing, "Using Unmanned Aerial Systems Within the Homeland: Security Game Changer?” examined federal use of drones in the United States. University of Texas Professor Todd Humphreys testified about how he gained full flight control of a drone operated by someone else. On the second panel, EPIC's Amie Stepanovich testified on the privacy implications of domestic drone use, alongside Gerald Dillingham and Chief Deputy William McDaniel. In February, EPIC, joined by over 100 organizations, experts, and members of the public, petitioned FAA to begin a rulemaking on the privacy impact of drone use. The Agency has not yet responded the EPIC Petition or addressed privacy concerns. EPIC recommended that the FAA develop privacy rules, that DHS conduct a privacy assessment, and that Congress establish new privacy safeguards. For more information, see EPIC: Unmanned Aerial Vehicles (UAVs) and Drones. (Jul. 19, 2012)
• EPIC to Congress: "Strengthen FISA Oversight": EPIC Executive Director Marc Rotenberg will testify before the House Judiciary Subcommittee on the FISA Amendments Act of 2008. The Act authorizes Government surveillance of international communications, including the private communications of U.S. citizens. EPIC will recommend increased transparency and new public reporting of the Government's surveillance activities. Currently, the FISA letter to Congress provides little to no information about Government conduct. "Congress should not reauthorize the FISA Act until adequate oversight procedures are in place," Rotenberg said. The hearing will be webcast. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Clapper v. Amnesty International. (Jun. 1, 2012)
• EPIC to Testify on Foreign Intelligence Surveillance Act: EPIC Executive Director Marc Rotenberg is scheduled to testify before the House Judiciary Committee at a hearing on May 31, 2012 regarding the FISA Amendments Act of 2008. For more information, see EPIC: Foreign Intelligence Surveillance Act and EPIC: Foreign Intelligence Surveillance Court. (May. 25, 2012)
• Senate Opens Investigation Into Google Search: Senator Herb Kohl (D-WI) and Mike Lee (R-UT), Chairman and Ranking member of the Judiciary Antitrust Subcommittee, have sent a letter to FTC Chairman Jon Leibowitz, expressing concern about Google's business practices and the company's impact on competition in Internet search and commerce. In September, EPIC wrote to the FTC and described how Google biased YouTube search rankings to give preferential treatment to its own content following the acquisition of the Internet's largest video service provider. The EPIC letter preceded a Senate hearing on "The Power of Google: Serving Consumers or Threatening Competition?" EPIC testified before the Senate Antitrust Subcommittee in 2007 on Google's growing dominance of essential Internet services. (Dec. 20, 2011)
• Senate Holds Hearing on Google’s Anticompetitive Practices: Today's Senate Judiciary Committee hearing "The Power of Google: Serving Consumers or Threatening Competition?” examined Google’s use of its dominance in the search market to suppress competition. The company’s executive chairman, Eric Schmidt, testified on the first panel, while witnesses from Google’s rivals Yelp and Nextag appeared on the second panel. The hearing covered a wide range of issues, including search bias, Google’s proprietary search algorithm, and the downgrading of search rankings. EPIC testified before the the same committee in 2009 on Google’s growing dominance of essential Internet services, and recently sent a letter to the Federal Trade Commission regarding Google’s biasing of Youtube search rankings to give preferential treatment to its own video content. For more information, see EPIC: Google/DoubleClick and EPIC: Federal Trade Commission. (Sep. 21, 2011)
• EPIC Warns Congress of Cybersecurity Risks to Consumers: EPIC Executive Director Marc Rotenberg testified today before the House Subcommittee on Financial Institutions and Consumer Credit. EPIC highlighted several recent high-profile data breaches, including those involving the digital security certificates used to authenticate websites, that have compromised the private data of thousands of consumers. Citing reports from the Privacy Rights Clearinghouse, EPIC's Rotenberg said "These attacks on financial institutions produce both direct and indirect costs for consumers who must contend with the risk of identity theft and financial fraud." EPIC previously testified before the Senate Banking Committee on cybersecurity in the financial sector and the growing threat to consumer data. For more information, see EPIC: Cybersecurity and Privacy. Webcast. (Sep. 14, 2011)
• EPIC Urges Congress to Reject Data Retention Plan: In testimony before the House Judiciary Committee, EPIC President Marc Rotenberg said that a proposal to retain identifying information on Internet users would put at risk "99.9% of Internet users." H.R. 1981, a bill to address concerns about children pornography, would require Internet Service Providers to store temporarily assigned IP addresses for future government use. And the bill would create a new immunity so that ISPs would not be liable if problems resulted. EPIC also pointed out with the increased risk of data breaches and identity theft, best practices now follow data minimization rather than data retention. Prospects for passage of H.R. 1981 dimmed at the hearing after Chairman James Sensenbrenner (R-WI) said he would oppose the measure. For more information, see EPIC - Data Retention. (Jul. 13, 2011)
• EPIC Testifies in Congress on Data Breach Legislation: EPIC Executive Director Marc Rotenberg testified today before the House Commerce Committee on the SAFE Data Act, a bill introduced by Rep. Bono-Mack to require greater protection for sensitive consumer data and timely notification in case of breach. EPIC emphasised the growing problem of data breaches and the likelihood that problems would get worse as more user data moves to cloud-based services. EPIC supported recent changes in the bill that would require companies to act more quickly in case of breach and encourage minimization of data collection. EPIC recommended changes in the bill to strengthen enforcement, require notification, protect identifiers linked to individuals, and ensure that state governments are able to respond on behalf of consumers as new problems emerge. Webcast (Jun. 15, 2011)
• Faster FOIA Act Moves Forward in Senate: The Senate Judiciary Committee has approved bipartisan legislation, cosponsored by Senators Patrick Leahy (D-VT) and John Cornyn (R-TX), to improve the Freedom of Information Act (FOIA) processing. The Faster FOIA Act will create an advisory panel to examine agency backlogs and provide recommendations to Congress. EPIC recently testified before the House Oversight Committee about FOIA delays and politicized processing within the Department of Homeland Security. For more information see: EPIC: Open Government and EPIC: Litigation Under the Federal Open Government Laws. (Apr. 12, 2011)
• EPIC: DHS Review of FOIA Requests is "Unlawful": EPIC testified today before the House Oversight Committee hearing "Why Isn't The Department Of Homeland Security Meeting The President's Standard On FOIA?" The hearing examined the DHS's political review of open government requests. The DHS "Awareness" program singled out FOIA requests for additional scrutiny by political appointees based on the subject of the requests and the identities of the requesters. EPIC Senior Counsel John Verdi called the program "uniquely harmful" and "unlawful." He pointed to Supreme Court precedent and the additional delay in FOIA processing. Also testifying at the hearing were the DHS General Counsel, the DHS Chief FOIA Officer, and the DHS Inspector General. For more information, see EPIC: Open Government and EPIC: Litigation under the Federal Open Government Laws 2010. (Mar. 31, 2011)
• EPIC to Testify at House Oversight Hearing on FOIA: EPIC Senior Counsel John Verdi will testify before the House Oversight Committee on March 31, 2011 regarding Homeland Security’s political review of FOIA requests and the effects of the agency’s policies on requesters. The hearing arises as the AP reports that DHS career staff repeatedly questioned the political review policy. This report also follows an earlier release of 1,000 agency documents revealing the long-standing process of vetting FOIA requests by political appointees. In a previous letter to the Committee, EPIC and a coalition of open government groups wrote that FOIA does not permit agencies to select requests for political scrutiny. For more information, see EPIC: Open Government and EPIC: Litigation under the Federal Open Government Laws 2010. (Mar. 28, 2011)
• EPIC Urges Congress to Suspend Body Scanner Program, Require Public Comment Period: In a hearing before the House Oversight Subcommittee on National Security, EPIC urged Congress to suspend the use of airport body scanners for primary screening. EPIC said the devices were not effective and were not minimally intrusive, as courts have required for airport searches. EPIC cited TSA documents obtained in EPIC's FOIA lawsuit which showed that the machines are designed to store and transfer images, and not designed to detect powdered explosives. EPIC was joined on the panel by radiation expert Dr. David Brenner, who has frequently pointed out the radiation risks created by these machines. The TSA, which is a federal agency funded by taxpayer dollars and responsible for the body scanner program, originally refused to testify at hearing. Eventually they showed up. Chairman Jason Chaffetz, who had previously sponsored a bill regarding body scanners, grilled the TSA officials and said the hearing would continue with more questions. For more information see EPIC: Whole Body Imaging Technology and EPIC: EPIC v. DHS. (Mar. 16, 2011)
• EPIC to Testify at Congressional Hearing on TSA Body Scanner Program: The Subcommittee on National Security of the House Committee on Oversight and Government Reform will hold a hearing on "TSA Oversight: Whole Body Imaging" On March 16, 2011. EPIC President Marc Rotenberg has been asked to testify. The hearing is expected to explore the privacy impact, health concerns, and questions of effectiveness that have been raised about the program. Committee Chairman Jason Chaffetz (R-UT) introduced legislation in 2009 that passed the House, 310-108, that would prevent the TSA from deploying body scanners as the primary screening technique in US airports. EPIC held a public conference earlier this that explored public objections to the TSA program. For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology. (Mar. 10, 2011)
• EPIC to Urge Congress to Strengthen Privacy Laws for Facebook Users: In prepared testimony (PDF) for a Congressional hearing on "Online Privacy, Social Networking and Crime Vicitimization," EPIC Executive Director Marc Rotenberg urged lawmakers to update federal law to protect the privacy of Facebook users. Mr. Rotenberg said that Facebook's constant changes to the privacy settings of users have made it virtually impossible for users to control who gets access to their personal information. He also said that the failure of the Federal Trade Commission to investigate Facebook's business practices means that Congress must now amend the federal privacy law to limit the ability of Social Network companies to disclose user information to third parties without informed and explicit consent. Also testifying at the hearing are witnesses from the FBI, the Secret Service, Symantec, and Facebook. For more information, see EPIC Social Networking Privacy, EPIC Facebook, and EPIC In re Google Buzz. (Jul. 28, 2010)
• EPIC Testifies in Congress on Cybersecurity and Privacy: EPIC Executive Director Marc Rotenberg testified today before the House Committee on Science and Technology regarding Planning for the Future of Cyber Attack Attribution. In his prepared statement, Mr. Rotenberg discussed "the risks and limitations of a mandatory Internet ID that may be favored by some as a way to address the risk of cyber attack." He explained how such a proposal would implicate human rights and online freedom, and questioned the constitutionality of such a measure. EPIC recommended that efforts continue to focus on improving security standards, deploying encryption, and requiring federal agencies to remain transparent as they develop cyber security policies. For more information, see EPIC Cybersecurity and Privacy. (Jul. 15, 2010)
• EPIC Testifies in Congress on Smart Grid Privacy: EPIC Associate Director Lillie Coney testified before the House Committee on Science and Technology regarding Smart Grid Architecture and Standards: Assessing Coordination and Progress. In her prepared statement, Ms. Coney told Congress that the "basic architecture of the Smart Grid presents several thorny privacy issues" and explained how smart meters and appliances transmitting user data wirelessly introduced threats to consumers.  She also described how strong security and privacy standards can address the risks of identity theft, unauthorized access, and individual surveillance. EPIC has submitted comments to NIST and the state of California, urging stronger privacy standards for Smart Grid services. For more information, see EPIC Smart Grid. (Jul. 1, 2010)
• EPIC Urges Congress to Extend Children's Privacy Law to Teenagers and Social Network Services, Says Current Law Has Failed to Keep Up with New Business Practices: EPIC President Marc Rotenberg testified today before the Senate Commerce Committee. He said that "COPPA did not anticipate the immersive online experience that a social network service would provide or the extensive data collection of both the trivial and the intimate information that children would share with friends." Mr. Rotenberg also pointed to the FTC's failure to enforce children's privacy rights despite clear-cut violations of the fedral law. EPIC recommended updates that would expand COPPA protections to teens and clarify the law's application to mobile and social network services. EPIC'S press release can be found here. For more, see EPIC: COPPA (Apr. 28, 2010)
• EPIC to Testify in Congress on Airport Security: EPIC has been asked to testify before the Subcommittee on Transportation Security and Infrastructure Protection on Wednesday, March 17, 2010. The hearing will examine "An Assessment of Checkpoint Security: Are Our Airports Keeping Passengers Safe?" EPIC is expected to discuss the documents it has recently obtained in an open government lawsuit against the DHS. For more information, see EPIC: Whole Body Imaging. (Mar. 15, 2010)
• EPIC Urges Comprehensive Strategy for ID Theft : With ID theft rapidly increasing in the United States, EPIC Executive Director Marc Rotenberg today urged a Congressional Committee to address the root causes of the problem. In testimony before the House Oversight Committee, Mr. Rotenberg said that the government typically acts only after the crime has occurred and warned that the problem will get worse if current trends continue. EPIC recommended a comprehensive strategy for ID Theft that would include: (1) Establishing privacy safeguards for web 2.0 services; (2) Ensuring privacy protections for outsourcing; (3) Enacting comprehensive privacy legislation; (4) Making privacy protection a focal point of cybersecurity policy; and (5) Developing better techniques for Identity Management. See EPIC pages on Identity Theft. (Jun. 17, 2009)
• Congress Holds Open Markup Session on Data Breach Bill: The Committee on Energy and Commerce held an open markup session on the Data Breach Bill. The Chairman of the subcommittee intends to have a law that is strong and adequately protects consumers. EPIC testified before Congress on this bill, which requires security policies for consumer information, regulates the information broker industry, and establishes a national breach notification law. For more information, see EPIC's page on Identity Theft. (Jun. 3, 2009)
• EPIC Testifies Before Congress on Data Breach Bill, Urges Changes to Strengthen Act: EPIC Director Marc Rotenberg testified before Congress on the Data Accountability and Trust Act, which would require security policies for consumer information, regulate the information broker industry, and establish a national breach notification law. Rotenberg said "companies need to know that they will be expected to protect the data they collect and that, when they fail to do so, there will be consequences." The EPIC Director opposed the preemption of stronger state laws, and recommended the use of text messages for breach notices, and suggested that personally identifiable information be broadly defined to include any information that "identifies or could identify a particular person." To learn more about Identity Theft, see EPIC's Identity Theft page. (May. 5, 2009)