July 24, 2006 – The US House of Representatives is poised to consider a bill that would make it more difficult for consumers to protect their credit from identity thieves.
Backed by the lucrative financial-services industry, the Financial Data Protection Act of 2005 would narrow the circumstances in which consumers could restrict their credit activity to prevent fraudulent borrowing, and it would undermine stronger state-based reporting rules for companies that hold and sell consumer data.
"It's shocking that at a time when data breaches are in the headlines daily and consumers are at greater risk than ever [of] identity theft, Congress would choose to vote on a bill that would strip consumers of their existing identity-theft protections," Susanna Montezemolo, policy analyst with Consumers Union, said in a press statement. Consumers Union publishes Consumer Reports magazine.
Companies that stand to gain from the legislation have spent a small fortune on campaign contributions and lobbying.
In the last two election cycles, finance and credit companies have donated more than $12.5 million to political campaigns, and in 2005 alone, the industry spent almost $30 million on lobbying, according to the Center for Responsive Politics, which tracks moneyâ€™s influence on government.
Two of the Actâ€™s four co-sponsors are on the industryâ€™s top-ten recipient list for the House: Michael Castle (Râ€“Delaware) took in a total of $116,616, and Dennis Moore (Dâ€“Kansas) got $67,729. Another co-sponsor, Deborah Pryce (Râ€“Ohio), received $22,500 from the industry.
One of the most controversial provisions of the bill would make it much more difficult for consumers to "freeze" their credit, a process that enables consumers to make it nearly impossible for anyone â€“ including the consumer him or herself â€“ to open new credit cards without first going through extra security precautions.
Currently, a handful of states allow consumers to freeze their credit at will in order to protect themselves against fraud. But the bill would change the rules so that consumers in all states would have to supply evidence that identity theft has occurred before obtaining a freeze.
Since their business models rely on consumers having easy access to credit and creditors having easy access to individualsâ€™ financial information, finance and credit companies stand to gain from this provision. But opponents of the bill say those seeking to protect their credit have a lot to lose.
"It's like telling someone you can't put a deadbolt on your front door until after you've been burglarized," Washington state Attorney General Rob McKenna told the Washington Post.
Another provision that has consumer advocates protesting would set federal rules for when companies that hold and sell personal financial data must investigate and report security breaches.
The most notorious of such companies is ChoicePoint, which came to the national spotlight in early 2005 when it announced that potential identity thieves had posed as fake businesses and gained access to the files of tens of thousands of consumers.
Opponents of the Financial Data Protection Act suggest that the ChoicePoint debacle may never have come to light if not for Californiaâ€™s relatively strong consumer-protection law that required the firm to notify consumers in that state whose data may have been breached.
The Financial Data Protection Act would pre-empt Californiaâ€™s law as well as those in dozens of states that have stronger protection regulations than the ones being proposed at the national level.
The Act under consideration by the House would leave it up to companies to investigate security breaches and determine whether there is a "likelihood that such information has been, or will be, misused in a manner that may cause harm or inconvenience to the related consumer" before having to tell government agencies or notify consumers that their information may have been compromised.
To Montezemolo of Consumers Union, Congress is putting the decision in the wrong hands. "Consumers are the greatest protectors of their own personal information," she said, "yet the bill moving forward would let companies decide whether they would notify consumers about security breaches."