ATLANTA—Recent reports
that a fraud ring has stolen the personal and financial information of as many
as 400,000 consumers from computer databases maintained by ChoicePoint, Inc.,
has underscored the need for tougher safeguards against identity theft. Consumer
advocacy groups Georgia PIRG and Consumers Union are urging lawmakers to enact
new identity theft protections like giving consumers the right to lock up their
credit files with a security freeze and requiring companies to notify consumers
when sensitive customer information has been compromised.
Four states already have
security freeze laws on the books and another 12 states are considering adopting
the safeguard. California is the only state that requires companies to notify
customers about breached security. Other states are beginning to look at such
notification requirements.
“Consumers need the
ability to prevent identity theft before it happens,” said Consumer Advocate
Jill Johnson of Georgia PIRG. “A security freeze lets consumers decide
for themselves when potential new creditors get to see their credit file, which
stops identity thieves in their tracks.”
A security freeze lets the
consumer stop anyone from looking at his or her own credit reporting file for
purposes of granting credit unless the consumer decides to unlock the file by
contacting the credit bureaus and providing a security code.
California and Louisiana
have passed laws that enable consumers to put a security freeze on their credit
reporting file at any time, even if they have not been victimized by identity
theft. Texas and Vermont have passed laws that allow consumers to put a security
freeze on their credit files after they have filed a police report detailing
that they have become victims of identity theft. Twelve states are currently
considering security freeze legislation: Colorado, Connecticut, Hawaii, Illinois,
Indiana, Maine, Maryland, Massachusetts, New Jersey, Oregon, Utah, and Washington.
Lawmakers in Texas have introduced a bill to strengthen the state’s existing
security freeze law to allow all consumers—not just identity theft victims—to
take advantage of the safeguard.
“Identity theft is
the fast growing form of fraud in the U.S. and ruins the credit of millions
of Americans every year,” said Gail Hillebrand, Senior Attorney for Consumers
Union “Consumers need the right to put a security freeze on their credit
files so they can protect their financial privacy and prevent thieves from stealing
their identities.”
News reports about the ChoicePoint
fraud ring began to surface after the company notified an estimated 35,000 consumers
in California that the security of their personal and financial information
had been compromised. Law enforcement officials have identified approximately
750 people who have been the victims of identity theft in this incident
ChoicePoint was required
to notify Californians about the security breach because of a state law that
requires companies to inform consumers when the security of information held
about them has been breached. No other state requires such notification and
news report initially indicated that ChoicePoint had no plans of notifying consumers
outside of California. Late yesterday, ChoicePoint finally agreed to send notice
to approximately 110,000 consumers outside of California whose information also
may have been accessed.
Lawmakers in Massachusetts
and Illinois have introduced legislation to extend the notification requirement
to consumers in their states and consumer groups are urging other states to
follow suit.
“It shouldn’t
be left up to a company that has had its security breached to decide which consumers
to notify when sensitive information may have been compromised,” said Johnson.
“Consumers across the country deserve the right to know immediately when
a company’s security has been breached,”
