Monday, May 9, 2005
WASHINGTON, D.C. – In light of the recent rash of identity theft scandals, Consumers Union called on Congress today to enact new safeguards to help reduce the risk of such fraud, require companies to notify consumers when their personal information has been compromised, and provide new rights to help victims limit the damage of this fast growing form of financial crime.
“We’ve been reminded again and again this year how lax security by information brokers, financial institutions, and other companies has left consumers vulnerable to having their personal information fall into the hands of identity thieves,” said Susanna Montezemolo, Policy Analyst with Consumers Union’s Washington, D.C. office. “These companies should be held accountable for keeping sensitive consumer data safe and required to notify all Americans when their identities are placed at risk by a breach in security.”
In letters submitted to members of the Senate and House Energy & Commerce Committees, Consumers Union called on Congress to enact a series of reforms, including safeguards that:
• Reduce the risk of identity theft: Congress must impose strong requirements on information brokers to protect the data they hold and to screen and monitor the persons to whom they make that information available. Creditors should be required to take additional steps to verify the identity of an applicant when there is a sign of ID theft. And Congress should restrict the sale, sharing, display, and secondary use of Social Security numbers.
• Require notice of breaches of sensitive information: Congress must impose requirements on businesses, nonprofits, and government entities to notify consumers when an unauthorized person has gained access to sensitive information pertaining to them. Consumers need prompt and proper notice, including information on what kind of data has been stolen.
• Ensure that victims have rights: Congress should strengthen the Fair and Accurate Credit Transactions Act (FACTA) to provide greater protections for consumers at risk of identity theft and those who have already become victims. FACTA can be made more effective by extending the initial fraud alert period from 90 days to one year, automatically sending consumers with a fraud alert a free credit report, and giving consumers who receive a notice of a security breach the right to an extended fraud alert.
Consumers Union also called on Congress to authorize federal, state, local, and private enforcement and provide funding for law enforcement to pursue multi-jurisdictional crimes promptly and effectively. The group emphasized that victims also need tools to fix the problem once the breach occurs – such as making sure there is a clear process for preventing identity theft and repairing credit once a breach occurs, providing for free credit monitoring, and covering the costs of fixing the problem.
“Currently, when a company improperly breaches a consumer’s sensitive information, the onus is on that consumer – the victim – to fix the problem,” said Montezemolo. “If a company has put a consumer at risk of having their identity stolen, it should be obligated to help clean up any mess it created because of lax security practices.”
For more information:
Susanna Montezemolo: 202-462-6262
Gail Hillebrand: 415-431-6747, ext 136