Privacy Rights Clearinghouse
- Richard Holober, CFC
- Mari Frank-attorney, privacy consultant
- Jennette Gayer, CALPIRG
- Gail Hillebrand, CU
- Beth Given, PRC (619) 298-3396
ChoicePoint, Bank of America Scandals Underscore Weakness of Current Laws
The recent security breaches of sensitive customer information held by ChoicePoint and Bank of America have underscored how vulnerable consumers are to threats of identity theft and the need for stronger protections to reduce such fraud. Watchdog groups are calling for new laws that provide proper oversight of businesses that collect and sell sensitive consumer information and tougher safeguards to give consumers the tools they need to stop identity theft before it starts.
“The ChoicePoint scandal and the Bank of America data loss are the tip of the iceberg. The easier it gets to transfer billions of bits of confidential data by pushing a button, the more difficult it is to safeguard our private records,” stated Beth Givens of Privacy Rights Clearinghouse.
Privacy advocates reject ChoicePoint’s claim that it was duped by sophisticated con artists. “News reports suggest that ChoicePoint didn’t do its homework in conducting background checks of businesses that purchase its data. ChoicePoint operates in a shadow world, unregulated and unknown by the Americans whose personal data it sells,” stated Richard Holober, Executive Director of Consumer Federation of California.
If companies like ChoicePoint and Bank of America really cared about our privacy they would be educating us about how to freeze our credit reports and refusing to share our sensitive information without our permission. Instead, Attorneys General from around the country had to demand that ChoicePoint fess up to consumers that their personal information was handed over to crooks,” said Jennette Gayer, CALPIRGs Consumer Advocate.
"ChoicePoint's lack of due diligence shows it does not ‘walk its talk’. This is a company that claims to be the leader in providing products and services so that their customers can fight fraud and identity theft - yet instead they have exposed perhaps millions of innocent and unaware Americans to the danger of identity fraud. It's hypocrisy in the quest for profit,” stated Mari Frank, attorney, author of Safeguard Your Identity.
Consumer and privacy advocates are calling for legislation that:
- Requires information brokers to protect consumers' personally identifiable information. Mandatory federal standards must address issues including: security, customer screening, fraud detection, and an opportunity for consumers to see and correct information held about them.
- Requires all businesses to tell anyone whose sensitive information has been compromised, through improper release, or unauthorized access to electronic information and paper files (paper files are currently not covered by California law). The notice should include what specific information was released.
- Authorizes any individual whose data was compromised to place a seven year fraud alert on his or her credit report. A fraud alert requires creditors to contact the consumer before issuing credit in their names. Currently a seven year alert is available only for consumers who are already identity theft victims. This is like getting a flu shot after you have contracted the flu. A longer than 90 day period for an early fraud alert would help to prevent identity theft.
- Gives any individual the right to place a free security freeze on his or her credit report. A security freeze would allow the consumer to control the release of confidential data, and would allow the consumer to lift the freeze on a selective basis, for example, when applying for a mortgage. Any individual who receives a notice of an unauthorized release of confidential data should be entitled to a security freeze at no cost. Individuals should be able to establish a security freeze for preventive purposes at no cost. For a list of pending state bills proposing to give consumers the right to a security freeze, see: www.financialprivacynow.org .
- Grants consumers who have received a notice of unauthorized release of data the right to get a police report. Some state laws give this right, others do not. A police report is needed to place a seven year fraud alert on a credit report.
"Consumers need stronger safeguards to prevent identity thieves from ruining their credit," said Gail Hillebrand, of Consumers Union. "These reforms will give consumers the notice they need to be on guard for identity theft when their information has been compromised by a security breach. And by giving consumers the right to put a security freeze on their credit file, they'll be able to prevent crooks from getting credit in their names."
The proposals are supported by these organizations:
Calegislation ▪ CALPIRG ▪ Consumer Federation of California ▪ Consumers Union ▪ Privacy Rights Clearinghouse ▪ World Privacy Forum