Citizen Agenda: An Update For Members Of CALPIRG

 
CALPIRG.ORG
 HOW YOU CAN HELP

Top Stories


Bill Shock and Other Cell Phone Woes
 


BILL SHOCK AND OTHER CELL PHONE WOES—Cell phone use continues to increase and consumer complaints have skyrocketed. Because few federal regulations exist for cell phones, California and other states must enact policies that protect consumers.

Congress Toes The Data-Dealer Line On Identity Theft

Identity theft is now the nation’s fastest-growing crime. Yet while some people accept identity theft as an unfortunate byproduct of today’s fast-paced, information age economy, there’s a very simple reason why identity theft is growing, and it has little to do with the growing sophistication of identity thieves. Consider:

• Banks, credit card companies and other financial institutions are gathering more personal information than ever before—almost always without the customer’s consent. Only California has enacted a strong law requiring consumer consent before sharing and selling these confidential dossiers, but the law is under threat of court repeal after a lawsuit by the banks.

• As technological advances have made it easier to transmit information, data-dealing has become big business. Two relatively young companies, ChoicePoint (founded 1997) and Acxiom (founded in 1969), are each billion-dollar database businesses selling virtually unregulated records on nearly every adult American to businesses and government agencies.

According to Washington Post reporter Robert O’Harrow’s new book “No Place To Hide:” “It’s not just names, ages, addresses, and telephone numbers. The computers in Acxiom’s rooms also hold billions of records about marital status and families and ages of children. They track individuals’ estimated incomes, the value of their homes, the make and price of their cars. They maintain unlisted phone numbers and details about people’s occupations, religions, and ethnicities.”

• Too often, a bank or credit card company handles this information Newswith little regard to the interests of the customer. In many cases, identity thieves have gained access to bank or credit card accounts by simply buying the personal data that can unlock these accounts—for as little as $6 for each credit report illegally obtained.

Don’t get me wrong. Identity thieves deserve to be punished, but even with the best of precautions in place, they’ll continue to prey on vulnerable consumers. But the best of precautions are not in place. And if you want to find out why, a good place to start is the U.S. Capitol.

The Data Dealer Protection Law
In 2003, the pressure on Congress to do something about identity theft had reached new heights.

Yet while Congress purported to act on behalf of consumers, the law that emerged from the Capitol that year was, in fact, largely shaped by lobbyists for banks, credit card companies, credit reporting bureaus and retailers. For instance:

The industry had already adopted many of the “reforms” included in the law as standard practices, including the right to a “fraud alert” on your credit report.

Yet even though these practices were standard, the credit card industry insisted upon—and won—a provision shielding the industry from lawsuits if individual companies ignored the law.

Worst of all, the industry lobbyists convinced Congress to prevent states from passing many stronger laws to stop identity theft. We managed one small victory, convincing Congress to force credit bureaus to give consumers one free credit report per year.

Yet even this innocuous requirement was adopted over the fierce objections of the credit bureaus, which derive a growing share of their revenue from selling identity theft protection services to consumers. (Ironically, of course, that revenue is growing in part because lax credit bureau practices make it easy for identity thieves to gain access to bank account numbers and other personal data.)

A more accurate name for the law, dubbed the Fair and Accurate Credit Transactions (FACT) Act by its congressional backers, would be the Data Dealer Protection Law.

ChoicePoint Breach A Break
While the law preempted most state action on the issue, it did allow a narrow window for state-level reform. States are prohibited from improving on any of the modest new federal reforms, but they may experiment with reforms in areas that the Congress was silent on.

In 2004, CALPIRG joined Consumers Union (publishers of Consumer Reports) in creating model state legislation to prevent identity theft, modeled on several previously-adopted, CALPIRG-backed laws.

In 2005, our proposal gained momentum in the wake of a series of well-publicized security breaches at major companies. The wave began in February when ChoicePoint, a little-known but giant data broker, disclosed that it had sold detailed dossiers on 145,000 Americans to identity thieves.

The breach might never have become public had it not been for California laws. Forced by the law to disclose the breach to California consumers, ChoicePoint came under pressure from attorneys general in other states. They successfully pressured ChoicePoint to come clean across the country.

Within months, a cascade of similar problems became public, including breaches of security at Bank of America, Citigroup, and even DSW Shoe Warehouse. At least 50 million Americans saw their financial security put at risk by sloppy practices at some of the nation’s top financial institutions and retailers.

The publicity, of course, only helped CALPIRG make the case for our model identity theft legislation. This year, 27 states have filed security freeze bills, including California and Texas, which have filed bills to strengthen their existing laws—giving consumers more control of their credit reports.

Additionally, 27 states have filed “security freeze” bills, which give consumers control over their credit reports. This legislation has drawn fierce opposition from credit bureaus and other opponents, and yet six new states enacted credit freeze laws. Further, the New Jersey General Assembly has passed what would be the strongest security freeze law in the country. The bill is expected to be signed.

Will Congress Rescue The Data Dealers Again?
The good news is that Congress is now considering at least six major proposals to enact similar federal laws. The bad news is that most of these proposals are weaker than those already enacted by the states and all would permanently override the state rules.

For example, in late August, the Senate Commerce Committee passed S 1408 on a voice vote. While it is commendable that the bill is bi-partisan, unfortunately it is weak. The bill’s freeze protection is weaker than those in nearly every state law so far, and its preemption provision is sweeping.

Meanwhile, as the data dealers continue to let more of our personal information fall into the wrong hands, the industry is reaping an estimated $1 billion per year in “identity theft protection” products and services. Talk about adding insult to injury! It’s time to hold the data dealers accountable for their sloppy practices.

It’s time to restore more control over our personal information to where it rightfully belongs, in the hands of the consumer. More and more states are taking up this challenge.

It may be too much to ask right now to expect Congress to join the states in siding firmly with American consumers over the data dealers. But if we really want to slow down the growth in identity theft, we’ve got to tell Congress: Either lead, follow or get out of the states’ way.
 
MEMBER RESOURCE
Free Credit Report
To get a free copy of your most recent credit report, visit the federally mandated Web site www.annualcreditreport.com.

More On CalPIRG's Identity Theft Prevention Program

CALPIRG Citizen Agenda
Fall 2005
Vol. 20, No. 1

This newsletter is published three times a year by CALPIRG, the consumer advocate. Members contributing $25 or more receive CALPIRG Citizen Agenda. $1.25 of your contribution pays for the newsletter; the rest goes to public interest research, advocacy and other expenses.

 
1107 9th St., Sacramento, CA 95814 • (916) 448-4516 •