AUSTIN—Texas has been
an early leader in the fight to prevent identity theft, but tough laws adopted
in recent years are being threatened by an industry effort to preempt the standards
at the federal level, warned a consumer advocacy group today. Senator Hutchison
(R-TX) and other members of the Senate Commerce Committee will vote on the proposal
on Thursday.
“In recent years, Texas
and other states have led the way in the fight against identity theft with innovative
laws to give consumers more control over their financial information,”
said Luke Metzger, Advocate with the Texas Public Interest Research Group (TexPIRG).
“Unfortunately, industry is pushing Congress to pass weak identity theft
legislation that would wipe out these state laws, and replace them with weaker
protections.”
Identity theft is a growing
crisis in America. A national survey commissioned by the FTC demonstrates that
an estimated 10 million Americans are victimized by identity theft each year.
Easy access to consumers’ confidential identifying information, including
social security numbers, has contributed to this epidemic. Credit card companies,
merchants, credit bureaus and other businesses do not adequately safeguard consumers’
private financial information, making it relatively easy for thieves to steal
this data and use it to take out new credit or to rack up charges on existing
accounts.
To guard against these harms,
Texas has passed a number of measures in recent years to give consumers more
control over their financial identity. Unfortunately, S. 1408 (Smith-Bill Nelson)
would preempt Texas’ security freeze and security breach notification laws,
and would replace them with much weaker protections, for example:
- S. 1408 weakens Texas’ security freeze law by creating huge loopholes. Current
  Texas law allows victims of identity theft to block most inquiries into their
  credit report.
- S. 1408 only applies to new credit accounts that are used only for personal
  use. That means identity thieves still will be able to open other accounts.
  This would make the security freeze law worthless as identity thieves could
  do the following in your name:
  - Open cell phone accounts, rent apartments, and apply for jobs.
  - Open business credit cards using their victims' identities.
- S. 1408 weakens the Texas security freeze law, which requires the bureaus to
  notify consumers of their right to place a freeze on their credit files; under
  this bill, bureaus are not required to make that notification.
- S. 1408 weakens the Texas security freeze law that allows consumers to
  temporarily suspend the security freeze not only for a specific period of time
  but also for a particular party.
- S. 1408 weakens Texas law that prohibits fees for temporarily suspending a
  freeze and that imposes a reasonable cap on any other fees the bureaus may
  charge consumers for using the freeze.
- S. 1408 weakens the Texas security freeze law that specifically includes a
  private right of action.
- S. 1408 strips away the rights of individuals in Texas to get notice whenever
  someone has acquired enough information about them to commit identity theft.
  Texas law ensures consumers receive notice whenever someone has acquired enough
  of their sensitive information to commit identity theft, whether that be opening
  up new accounts or making charges on existing accounts. S. 1408 would eliminate
  this law, and instead allow the business or entity whose security was breached
  to decide for itself whether the breach puts individuals at reasonable risk of
  identity theft, and whether it should notify affected consumers. The weak
  notification standard of S. 1408 means that consumers will get no notice when
  no one knows who took the data, or why. Businesses and other entities whose
  security was breached have no way to know how the information is, or might be,
  used by someone else. A law that puts the decision about whether to notify in
  the hands of the entity whose security allowed the problem to occur is unlikely
  to lead to adequate notice. For example, after the loss of a backup tape
  reported to contain more than three million unencrypted names and Social
  Security numbers, CitiFinancial still claimed that “there is little risk” to
  consumers.
- S. 1408 wipes out Texas law that requires financial institutions to provide
  notice to all individuals who have had their information compromised. S. 1408
  exempts entities that are governed by the Gramm-Leach-Bliley Act (GLB), but the
  GLB notification rules do not apply to non-customers of the financial
  institution, even if that individual's information has been compromised. Texas
  law requires financial institutions to notify all individuals when their
  information has been compromised, but S. 1408 eliminates that requirement.