February 18, 2005
Consumer groups are urging lawmakers to enact new identity theft protections like giving consumers the right to lock up their credit files with a security freeze and requiring companies to notify consumers when sensitive customer information has been compromised.
The prodding comes in the wake of news that a fraud ring has stolen the personal and financial information of an estimated 100,000 consumers from computer databases maintained by ChoicePoint, Inc.
Four states already have security freeze laws on the books and another 11 states are considering adopting the safeguard. California is the only state that requires companies to notify customers about breached security. Other states are beginning to look at such notification requirements.
"Consumers need the ability to prevent identity theft before it happens," said Gail Hillebrand, senior attorney for Consumers Union. "A security freeze lets consumers decide for themselves when potential new creditors get to see their credit file, which stops identity thieves in their tracks."
A security freeze lets the consumer stop anyone from looking at his or her own credit reporting file for purposes of granting credit unless the consumer chooses to let that particular business look at the consumer's information.
When an imposter seeks credit in the consumer's name, the creditor checks the credit reporting file. If the file is frozen, the creditor will deny the thief's credit application. When the consumer is applying for credit, the consumer can lift the freeze so that a particular creditor can see the credit file. When the consumer is not seeking credit, the security freeze effectively prevents anyone else from getting credit in the consumer's name.
California law lets consumers put a security freeze on their credit-reporting file at any time, even if they have not been victimized by identity theft. A similar security freeze right goes into effect in Louisiana in July 2005. Texas law allows consumers to put a security freeze on their credit files after they have filed a police report detailing that they have become victims of identity theft. Consumers in Vermont will have the same right starting in July 2005.
Eleven states are currently considering security freeze legislation: Colorado, Connecticut, Hawaii, Illinois, Indiana, Maine, Maryland, Massachusetts, Oregon, Utah, and Washington. Lawmakers in Texas have introduced a bill to strengthen the state's existing security freeze law to allow all consumers -- not just identity theft victims -- to take advantage of the safeguard.
"Identity theft is the fast growing form of fraud in the U.S. and ruins the credit of millions of Americans every year," said Kerry Smith, senior consumer attorney for the National Association of State PIRGs. "Consumers need the right to put a security freeze on their credit files so they can protect their financial privacy and prevent thieves from stealing their identities."
News reports about the ChoicePoint fraud ring began to surface after the company notified an estimated 35,000 consumers in California that the security of their personal and financial information had been compromised. ChoicePoint was required to notify Californians about the security breach because of a state law that requires companies to inform consumers when the security of information held about them has been breached. No other state requires such notification.
"It shouldn't be left up to a company that has had its security breached to decide which consumers to notify when sensitive information may have been compromised," said Hillebrand. "Consumers across the country deserve the right to know when a company's security has been breached," said Hillebrand.
