THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING

Bill lets consumers lock down credit reports

Plan to halt ID theft also forces firms to report data breeches

Email|Print|Single Page| Text size + By Ross Kerber
Globe Staff / July 19, 2006

A bill pending before the state Legislature would allow consumers to lock down their credit reports free of charge as a way to fight identity theft, an idea that has caught on in other states after a spate of security breaches that compromised the personal data of millions of individuals.

The bill would also require companies to notify individuals and authorities if they lose large amounts of consumer information.

The measure's supporters include state Senator Michael Morrissey, a Quincy Democrat who said the two provisions would do as much to prevent identity theft as past changes like removing Social Security numbers from driver's licenses. ``If that's all we could put together this year, I would claim victory," he said of the bill.

The Romney administration supports the bill's provisions, but Morrissey and other backers say senior Democrats, including House Speaker Salvatore F. DiMasi , are not making the bill a priority before the legislative session ends July 31. A spokesman for DiMasi declined to comment on the bill.

The bill would give consumers the right to put a ``freeze" on information that could be provided about them by consumer reporting agencies , including Experian Inc. of California, Equifax Inc. of Atlanta, and TransUnion LLC of Chicago. The freeze would make it harder for someone to use fraudulently obtained information to get credit from a merchant or financial institution, because only the original consumer would be able to allow access to that data. Once requested in writing, the freeze would stay in place for five years.

The bill would also require any company or organization that knows personal data has been compromised to notify authorities and individuals within seven days of the nature of the breach and the number of people affected.

The bill's concepts have been criticized by the credit reporting industry, which says consumers already have free options to fight fraud. But consumer organizations such as the Massachusetts Public Interest Research Group and the Consumer Federation of America say the changes are needed in light of high-profile breaches of data this year. The free antifraud options don't do much, said Eric Bourassa, financial policy analyst of MassPIRG.

Data breach cases this year include the disappearance of laptop computers from Fidelity Investments and the Veterans Administration containing personal data about thousands of individuals. In another case in January, credit card numbers of some Boston Globe subscribers were inadvertently released.

Last year, data breach cases at 151 companies and organizations affected more than 57.7 million people, according to the Identity Theft Resource Center, a San Diego nonprofit , with about half the incidents involving schools and universities.

Many of the cases might not have been disclosed were it not for a California law that required companies to begin notifying customers if data were compromised, said Representative William M. Straus, a Mattapoisett Democrat who helped write the Massachusetts bill .

The California law applies to any company doing business with consumers living in that state, effectively applying to most large US corporations.

But without such a requirement in Massachusetts, Straus said, ``It's certainly conceivable that we could have a case in Massachusetts where we have had a data breach occur and, in the absence of a law, they wouldn't be required to tell their customers."

States that have passed similar laws in recent years also include Connecticut and New Hampshire, over the objections of the credit bureaus and other business groups that have argued that rules are best decided by federal legislation.

David Rubinger, an Equifax spokesman, said the company has been in talks with congressional leaders to achieve some common laws rather than a patchwork of state rules, though he said it is too soon to discuss what specifics the company would prefer to see. He also said the company already offers options for people who fear their information has been compromised. These include a free option to have their files marked with a ``fraud alert" telling potential lenders to take extra steps to verify a borrower's identity, and a $12.95-a-month service that sends consumers an e-mail when their credit file is changed.

Rubinger said a freeze would make it harder for consumers to gain credit quickly when they want it.

``We're still of the belief that a file freeze isn't what many consumers would want, because it takes them out of the credit-reporting economy," he said.

Ross Kerber can be reached at kerber@globe.com.

© Copyright 2008 Globe Newspaper Company.

more stories like this

  • Email
  • Email
  • Print
  • Print
  • Single page
  • Single page
  • Reprints
  • Reprints
  • Share
  • Share
  • Comment
  • Comment
 
  • Share on DiggShare on Digg
  • Tag with Del.icio.us Save this article
  • powered by Del.icio.us
Your Name Your e-mail address (for return address purposes) E-mail address of recipients (separate multiple addresses with commas) Name and both e-mail fields are required.
Message (optional)
Disclaimer: Boston.com does not share this information or keep it permanently, as it is for the sole purpose of sending this one time e-mail.