March 16, 2006
(Washington, DC) —The House Financial Services Committee voted today to repeal strict state notification and credit freeze laws that have helped to protect consumers from identity theft and financial fraud. These laws provide essential protections that allow consumers to prevent identity thieves from opening credit accounts in their names and require companies to inform consumers when their personal data —such as their Social Security and credit card numbers — have become compromised.
“It is ironic that after a year in which over 55 million Americans’ identities were put at risk through preventable data breaches, the House Financial Services Committee would repeal state laws that have protected consumers from identity theft,” said Susanna Montezemolo, policy analyst with Consumers Union, nonprofit publisher of Consumer Reports magazine.
Montezemolo added, “This bill is like buying a fire detector after your house has burned down—it is too little, too late. We shouldn’t have to wait until an identity thief has already bought a Lexus in your name in order to have the right protect yourself. ”
Ed Mierzwinski, Consumer Program Director for the U.S. Public Interest Research Group, said: “Today, the Financial Services Committee voted for the worst data security bill ever. Rather than voting to protect consumers, the Committee made things worse. All consumers should have the right to sleep at night without worrying about identity theft – this bill takes us in the exact wrong direction.”
There are nearly 10 million identity theft victims each year, according the Federal Trade Commission, or an estimated 19 identity theft victims a minute. The crime has cost businesses, financial institutions and consumers billions of dollars in recent years.
The Federal Trade Commission recently negotiated the largest civil penalty ever -- $10 million -- for data broker ChoicePoint’s admission that it sold 163,000 personal financial records to identity thieves. Consumers and the media only learned of the ChoicePoint incident after Californians were notified, based on that state’s strict notification requirements.
Since then, consumers have come to expect that when their personal data is at risk, they will be notified. Eleven states have stricter notification standards than the federal bill, including the California law that resulted in ChoicePoint public awareness. Eight states have freeze laws stronger than those in the bill: California, Colorado, Connecticut, Louisiana, Maine, Nevada, New Jersey, and North Carolina. All of these laws would be eliminated under the measure.
Mierzwinski said, “This is just the first step in the legislative process, and other committees have jurisdiction over this issue. Ideally, this bill will not become law and states will continue to innovate in the area of identity theft and privacy protections.”
Susanna Montezemolo, CU, 202-462-6262
Ed Mierzwinski, U.S. PIRG, 202-546-9707