Bill weakening consumer protection may reach vote (HR 3997)
It’s tiring trying to keep up with the moving targets that are the new data breach and ID theft bills moving through Congress. But Beth Givens of the Privacy Rights Clearinghouse and Ed Mierzwinski at U.S. PIRG warn consumers that a vote may be approaching next week on HR 3997 (Financial Data Protection Act). This bill covers, among other things, data breach notification and credit freezes. In its current language, it would seriously weaken consumer protection laws nationwide. Although it has improved somewhat since its last incarnation. I will quote from Beth’s newsletter liberally here, because she explains it well. I hope she won’t mind, it’s such an important issue. Please see the PRC web site for details:
Here's why we continue to consider H.R. 3997 to be bad for consumers. At least 34 states have passed laws requiring companies that experience data breaches to notify individuals that their sensitive personal information has been compromised. This enables consumers to take steps to prevent identity theft, such as placing fraud alerts on their three credit reports. The strongest of those state laws, including California's, require that the breached organizations notify individuals in each instance.
H.R. 3997 allows companies to decide whether or not they think the breach will result in harm to individuals before deciding to notify individuals. This is called “trigger language.” We believe this provision will result in many breaches not being disclosed to the affected individuals at all. We don't think companies that experience breaches, especially when SSNs are involved, can foretell the future, at least not at this time. To make matters worse, this bill would pre-empt all of the breach notice laws passed by states, thus wiping out strong consumer protection provisions across the country.
The only good thing to report about H.R. 3997 is that the security freeze provision has been removed. In our previous newsletter , we explained that this bill would only allow victims of identity theft to freeze their credit reports – AFTER the harm has been done. We strongly believe that ALL consumers should have the ability to freeze their credit reports – the ultimate identity theft prevention strategy that individuals have.
Jim at GuardMyCreditFile fires both barrels at Congress pointing a finger at the campaign contributions saying
…And if you want to know why Congress would consider legislation that is so clearly opposed by their constituents, you need look no further than campaign contributions. Two of the bill’s four co-sponsors are on the financial services industries "top 10 list" for campaign donations.
Jim’s blog post has a really cool feature you should check out. If you plug in your address and ZIP, it instantly tells you your US Rep and Senators, without even jumping to another page. And Consumers Union has a web page that makes it very easy to send a message to Congress.
I haven’t yet read the new version of H.R. 3997, but Ed points out:
It also includes a little-noticed provision that immunizes credit bureaus from the so-called credit repair doctor laws, giving them carte blanche to deceive consumers about their over-priced credit monitoring services.
Finally, the PRC, U.R. PIRG, Consumers Union and many others believe that a “competing” bill, HR 4127 is a vastly superior piece of proposed legislation (read their sites to find out why). One of the major reasons I find 4127 attractive is giving all consumers access to secret profiles that are kept on virtually everyone at the many data brokers, as the PRC points out:
H.R. 4127 contains an additional provision that is especially valuable for consumers. It gives individuals new rights to review and dispute information held by the large data brokers such as ChoicePoint and Lexis-Nexis. This industry is unregulated at this time. Yet the data warehouses of information brokers contain detailed profiles on virtually every American adult. It's long overdue for consumers to have access to their data files and to make sure the information is correct.
Update: The U.S. PIRG Consumer Blog says “House Action On Privacy Likely Delayed.”
Update 2: The vote has been delayed.