Hard-Fought Texas Identity Theft Prevention Laws At Risk

Media Contacts

TexPIRG

 AUSTIN—Texas has been an early leader in the fight to prevent identity theft, but tough laws adopted in recent years are being threatened by an industry effort to preempt the standards at the federal law, warned a consumer advocacy group today. Senator Hutchison (R-TX) and other members of the Senate Commerce committee will vote on the proposal on Thursday.

“In recent years, Texas and other states have led the way in the fight against identity theft with innovative laws to give consumers more control over their financial information,” said Luke Metzger, Advocate with the Texas Public Interest Research Group (TexPIRG). “Unfortunately, industry is pushing Congress to pass weak identity theft legislation that would wipe out these state laws, and replace them with weaker protections.

Identity theft is a growing crisis in America. A national survey commissioned by the FTC demonstrates that an estimated 10 million Americans are victimized by identity theft each year. Easy access to consumers’ confidential identifying information, including social security numbers, has contributed to this epidemic. Credit card companies, merchants, credit bureaus and other businesses do not adequately safeguard consumers’ private financial information, making it relatively easy for thieves to steal this data and use it to take out new credit or to rack up charges on existing accounts.

To guard against these harms, Texas has passed a number of measures in recent years to give consumers more control over their financial identity. Unfortunately, S. 1408 (Smith-Bill Nelson) would preempt Texas’ security freeze and security breach notification laws, and would replace them with much weaker protections, for example:

  • S. 1408 weakens Texas’ security freeze law by creating huge loopholes. Current Texas law allows victims of identity theft to block most inquiries into their credit report.
  • S. 1408 only applies to new credit accounts that are used only for personal use. That means identity thieves still will be able to open other accounts. This would make the security freeze law worthless as identity thieves could do the following in your name:
  1. Open cell phone accounts, rent apartments, and apply for jobs.
  2. Open business credit cards using their victims’ identities.
  • S. 1408 weakens the Texas security freeze law which requires the bureaus to notify consumers of their right to place a freeze on their credit files; under this bill, bureaus are not required to make that notification. 
  • S. 1408 weakens the Texas security freeze law that allows consumers to temporarily suspend the security freeze not only for a specific period of time but also for a particular party. 
  • S. 1408 weakens Texas law which prohibits fees for temporarily suspending a freeze, and that imposes a reasonable cap on any other fees the bureaus may charge consumers for using the freeze. 
  • S. 1408 weakens TX security freeze law that specifically includes a private right of action. 
  • S. 1408 strips away the rights of individuals in Texas to get notice whenever someone has acquired enough information about them to commit identity theft. Texas law ensures consumers receive notice whenever someone has acquired enough of their sensitive information to commit identity theft, whether that be opening up new accounts or making charges on existing accounts. S. 1408 would eliminate this law, and instead allow the business or entity whose security was breached to decide for itself whether the breach puts individuals at reasonable risk of identity theft, and whether it should notify affected consumers. The weak notification standard of S. 1408 means that consumers will get no notice when no one knows who took the data, or why. Businesses and other entities whose security was breached have no way to know how the information is, or might be, used with someone else. A law that puts the decision about whether to notify in the hands of the entity whose security allowed the problem to occur is unlikely to lead to adequate notice. For example, after the loss of a back up tape reported to contain more than three million unencrypted names and social security numbers, CitiFinancial still claimed that “there is little risk” to consumers. 
  • S. 1408 wipes out Texas law which require financial institutions to provide notice to all individuals that have had their information compromised. S. 1408 exempts entities that are governed by the Gramm-Leach-Bliley Act (GLB), but the GLB notification rules do not apply to non-customers of the financial institution, even if that individual’s information has been compromised. Texas law requires financial institutions to notify all individuals when their information has been compromised, but S. 1408 eliminates that requirement.

 

 

Topics