IDENTITY THEFT….Since I wrote an article about identity theft in the latest issue of the Monthly, I was interested in Saturday’s Wall Street Journal article about the latest attempts to pass identity theft legislation. It turns out that even in the wake of the ChoicePoint debacle earlier this year, in which personal data on 145,000 people was sold to criminals, Congress still can’t manage to pass even weak new regulations:
Many privacy advocates, casting a suspicious eye on companies that fail to secure personal information, want legislative language in federal legislation similar to the seminal California law that requires disclosure of security lapses regardless of the potential for harm. Businesses say that poses too big a cost burden for them and say notification should be limited to breaches that threaten a “significant risk” of identity theft.
Companies say notification is expensive ? and so is replacing debit and credit cards. America’s Community Bankers, a trade association representing community banks, told a House panel this month that legislation should require those responsible for a data breach to pick up the tab for notifying customers and reissuing cards. It figured that reissuing debit or credit cards can cost as much as $15 each.
….The conflict over consumer notification isn’t the only one stalling legislation. Three Senate committees are divided over a provision in a bill approved by the Commerce Committee during the summer that would let consumers “freeze” their credit reports, blocking access and preventing criminals from opening new accounts under their names.
Several states already allow consumers to do just that, and proponents view the freeze as a main weapon in the fight against identity theft. But credit bureaus, banks and other financial institutions argue that freezes slow down electronic commerce and hurt consumers when they really do need credit.
This is pathetic. There are some genuinely tricky regulatory issues when it comes to identity theft, but requiring disclosure of lost data is a no-brainer. The fact that the credit industry is fighting even a feeble measure like this just shows how unseriously they take the whole issue of identity theft.
The same is true of credit freezes. Basically, a credit freeze prevents credit reporting agencies from revealing your credit history without first getting your express permission. This makes it nearly impossible for thieves to acquire phony credit cards in your name, since card issuers won’t issue new cards without first requesting your credit score from a credit reporting agency. If you’ve frozen your report, you’ll be notified when the request is made and can shut it down immediately.
The downside is that if you apply for new credit, you can’t get it until the credit reporting agency has contacted you first. In other words, no more same-day credit. It might take two or three days instead.
That’s not much of a downside, is it? In fact, for my money, all credit reports ought to be frozen by default. If you prefer to have your report unfrozen ? that is, you’re willing to run the risk of ID theft in return for slightly faster approval of your credit applications ? then you can unfreeze it.
There’s simply no reason for consumers not to have this choice, and the credit industry opposes it solely because the slight delay it introduces might make people think twice about applying for new credit ? and that’s bad for business. Who cares about identity theft when there’s same-day credit to be extended?
The fact is, both of these measures should be no-brainers. The cost is low and the benefit is high. But the credit industry opposes them because they simply don’t care about identity theft. After all, they don’t pay the price when your credit report is wrecked. You do.
That’s why the credit industry should be made responsible for identity theft. If they had to pay damages whenever they lost personal data or falsely issued credit to ID thieves, they wouldn’t be opposing measures like this. They’d be begging for them.