Georgia PIRG Education Fund
ATLANTA—Recent reports that a fraud ring has stolen the personal and financial information of as many as 400,000 consumers from computer databases maintained by ChoicePoint, Inc., has underscored the need for tougher safeguards against identity theft. Consumer advocacy groups Georgia PIRG and Consumers Union are urging lawmakers to enact new identity theft protections like giving consumers the right to lock up their credit files with a security freeze and requiring companies to notify consumers when sensitive customer information has been compromised.
Four states already have security freeze laws on the books and another 12 states are considering adopting the safeguard. California is the only state that requires companies to notify customers about breached security. Other states are beginning to look at such notification requirements.
“Consumers need the ability to prevent identity theft before it happens,” said Consumer Advocate Jill Johnson of Georgia PIRG. “A security freeze lets consumers decide for themselves when potential new creditors get to see their credit file, which stops identity thieves in their tracks.”
A security freeze lets the consumer stop anyone from looking at his or her own credit reporting file for purposes of granting credit unless the consumer decides to unlock the file by contacting the credit bureaus and providing a security code.
California and Louisiana have passed laws that enable consumers to put a security freeze on their credit reporting file at any time, even if they have not been victimized by identity theft. Texas and Vermont have passed laws that allow consumers to put a security freeze on their credit files after they have filed a police report detailing that they have become victims of identity theft. Twelve states are currently considering security freeze legislation: Colorado, Connecticut, Hawaii, Illinois, Indiana, Maine, Maryland, Massachusetts, New Jersey, Oregon, Utah, and Washington. Lawmakers in Texas have introduced a bill to strengthen the state’s existing security freeze law to allow all consumers—not just identity theft victims—to take advantage of the safeguard.
“Identity theft is the fast growing form of fraud in the U.S. and ruins the credit of millions of Americans every year,” said Gail Hillebrand, Senior Attorney for Consumers Union “Consumers need the right to put a security freeze on their credit files so they can protect their financial privacy and prevent thieves from stealing their identities.”
News reports about the ChoicePoint fraud ring began to surface after the company notified an estimated 35,000 consumers in California that the security of their personal and financial information had been compromised. Law enforcement officials have identified approximately 750 people who have been the victims of identity theft in this incident
ChoicePoint was required to notify Californians about the security breach because of a state law that requires companies to inform consumers when the security of information held about them has been breached. No other state requires such notification and news report initially indicated that ChoicePoint had no plans of notifying consumers outside of California. Late yesterday, ChoicePoint finally agreed to send notice to approximately 110,000 consumers outside of California whose information also may have been accessed.
Lawmakers in Massachusetts and Illinois have introduced legislation to extend the notification requirement to consumers in their states and consumer groups are urging other states to follow suit.
“It shouldn’t be left up to a company that has had its security breached to decide which consumers to notify when sensitive information may have been compromised,” said Johnson. “Consumers across the country deserve the right to know immediately when a company’s security has been breached,”