By Chris A'Court
BBC Radio 4's Money Box
More and more people are falling victim to identity theft
UK data protection rules should be strengthened to stem a rise in identity theft, consumer representatives have said.
The National Consumer Council believes it should be mandatory for businesses to warn people if sensitive personal information is compromised.
In the UK there is currently no requirement to reveal, for example, when a database has been hacked into or computer records have been stolen or lost.
Consumer groups argue that if people are informed they can take preventative action to stop identity theft.
Identity crime already affects 100,000 people a year in the UK and costs the economy £1.7 billion.
Criminals most frequently take out loans in their victim's name and run up huge debts.
In the US, 34 states have already made it law to reveal breaches affecting identity security.
They took action because millions of people were being put at risk through security lapses by both business and government.
The US Consumers Union and the Public Interest Research Group (PIRG) both support the laws which were first introduced in California by Senator Debra Bowen.
She said they have proved a great success and led to almost daily declarations of security breaches and blunders that put consumers at risk.
It has also resulted in a tightening up of database security because organisations do not like to be named and shamed.
Senator Bowen told BBC Radio 4's Money Box Investigates: "It had gone from where there was the occasional theft of a credit card application from someone's mailbox to massive fraud causing enormous personal losses as well as a big negative for the business community.
"We have slowed the incidents of identity theft dramatically and that means fewer people are being victimised."
In the UK data handling is covered by the Data Protection Act but that does not include any requirement for those who experience security breaches to publicly declare it or warn the potential identity theft victims.
Ed Mierzwinski, consumer programme director of PIRG, based in Washington, admires the UK's act but fears the rapid growth of identity theft means it is now not strong enough.
He told the programme: "You'll need to upgrade even strong data protection acts to give consumers more control over their information so England, France, Germany, all countries should give consumers greater protection [and] notice [of] when companies lose their information."
His calls for more to be done to protect the growing number of identity theft victims in the UK are backed up by the UK National Consumer Council (NCC).
Its deputy director of policy, Claire Whyley, said: "At the moment there's no duty on organisations to inform their consumers or anybody else of security breaches.
"There's a huge disincentive for companies to voluntarily provide information about security breaches because it's not going to look good to consumers and they may lose custom as a result of it. So we really do need a duty in place to compel them to do that."
But the Information Commissioner, Richard Thomas, who enforces the Data Protection Act, told the programme the UK already has a higher level of legal protection than the US.
The Information Commissioner said a greater debate is needed
And he said so far the UK does not seem to have had the same sort of problems the US has been experiencing.
He would like to encourage organisations to notify security breaches as "good practice" but said whether to make that a legal requirement needs a greater debate which has not yet started.
Any changes to the Data Protection Act would come via Parliament.
HAVE YOUR SAY
What would you suggest to reduce ID theft?
Should it be law to reveal security breaches?
At the moment the government minister in charge of identity issues, Joan Ryan MP, says there are no plans to introduce a US-style breach law here.
She told the programme: "We could be asking all public and private sector to be sending out these notices.
"It could become like confetti and perhaps just increase levels of fear and feelings of vulnerability.
"I think it's something we have to watch but I think we have to look at in context of the different kinds of systems and different legislation that exists between ourselves and the United States."
And she said the Home Office already publishes a range of information to enable people to keep a check on whether they have, or could be, a victim of identity theft or identity fraud.
BBC Radio 4's Money Box Investigates was broadcast on Tuesday, 29 August, 2006 at 2002 BST and repeated on Sunday, 3 September, at 1702 BST.