Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

CU praises Senate Identity theft legislation

Bill requires institutions to notify consumers when personal information is lost or stolen.

May 3, 2007

Consumers Union Praises Senate Bill on Identity Theft

Legislation Requires Companies to Notify Consumers
When Sensitive Information is Lost or Stolen

(Washington, DC) — Consumers Union praised the Senate Judiciary Committee today for approving an identity theft protection bill that requires institutions to notify consumers when personal information about them has been involved in a data security breach.

“All it takes is just a few pieces of sensitive information for a crook to steal someone’s identity,” said Gail Hillebrand, Senior Attorney with Consumers Union, nonprofit publisher of Consumer Reports magazine. “Consumers want to know when their personal information has been lost or stolen so they can take steps to protect themselves.”

According to a Federal Trade Commission report, there are nearly 10 million identity theft victims each year. That means 19 people become new victims of identity theft each minute. In the past two years data security breaches at companies, universities, and government agencies have compromised over 150 million records on U.S. consumers.

The Senate Judiciary Committee approved S. 495, which requires institutions to notify consumers when their personal information has been compromised, except if there is no significant risk to the consumer. The bill requires businesses to safeguard sensitive personal information, and would allow state attorneys general to bring enforcement actions against companies that violate the law. S. 495 also gives consumers the right to view and correct personal information held by data brokers.

Last week, the Senate Commerce Committee approved a bill that establishes a weaker data security breach notice requirement, but provides other important protections for consumers. S. 1178 requires companies to notify consumers about a data security breach only when the company decides there is a reasonable risk of identity theft. Like S. 495, the Senate Commerce Committee’s bill requires businesses to safeguard sensitive data and gives state attorneys general the power to enforce the law. The bill also gives consumers the right to place a security “freeze” on their credit files.

Consumers Union has been instrumental in helping to enact security freeze laws in 33 states and the District of Columbia. A security freeze is a preventative tool that allows consumers to place a “lock” on their credit files. With a security freeze in place, consumers can prevent identity thieves from using stolen personal information to open fraudulent accounts.

“Consumers need stronger tools to protect themselves from identity theft, including notice when their sensitive information has been compromised and the right to ‘lock’ their credit from potential predators,” said Hillebrand. “Together — notice and a security freeze — would go a long way toward protecting consumers from identity predators.”

For more information on state security freeze laws, see:

Gail Hillebrand – 415-431-6747