Today,
the State House Committee passed HB-1119 to help stop identity theft.
HB-1119 requires a company upon being breached to inform any individual
that he/she may be vulnerable to identity theft as a result of the
security breach.
"Identity
theft is the top consumer crime in Colorado. Colorado is one of two
states that do not have strong laws on the books to prosecute criminals
for identity theft. Last year, the state ranked fifth, up from 11th
three years ago, in the nation for the number of identity-theft victims
per capita, according to the Federal Trade Commission (FTC). Complex
identity theft crimes occur when thieves steal Social Security Numbers
or other personal data and use the information to take funds by opening
credit card accounts, renting homes or obtaining loans," said Rex
Wilmouth Director of CoPIRG (Colorado Pubic Interest Research Group).
Easy
access to consumers' confidential identifying information, including
social security numbers, has contributed to this epidemic. Credit card
companies, merchants, credit bureaus, and other businesses do not
adequately safeguard consumers' private financial information, making
it relatively easy for thieves to steal this data and use it to take
out new credit or to rack up charges on existing accounts.
"Victims
of identity theft literally have their lives stolen. They face credit
and mortgage denials, out-of-pocket costs, and even arrest when
mistaken for the thief using their name," said Wilmouth. The Federal
Trade Commission (FTC) estimates that it took the average victim of
identity theft in 2004 600 hours and an average of $1,495 to clear
their name; cases average two to four years to be resolved. This is up
from 175 hours and $808 in out-of-pocket expenses in 2000. The FTC
estimates that identity theft cost consumers $5 billion and businesses
$48 billion last year. And when a business, institution or other entity
is sloppy with consumers' personal information, it's the victim that is
responsible for cleaning up the mess. “It is time to prevent the crimes
by safeguarding personal information," said Representative Marshall the
sponsor of the bill.
"Often,
all a thief needs is a social security number to open an account
fraudulently, and rack up charges in an innocent victim's name," said
Rex Wilmouth. Social security numbers were originally only meant for
the federal government's use to track wages and benefits. But now,
these numbers are used by a multitude of public and private
institutions—such as health insurance companies, universities, cell
phone companies, utility companies, and others—as identification
numbers, or as a security measure to confirm an individual's identity.
The widespread use of these numbers completely undermines the use of it
as a security measure. Widespread use of social security numbers also
provides numerous opportunities for identity thieves to gain access to
valuable information.
If
a theft were to obtain someone's personal information, he would start
to steal that person’s identity by opening accounts in that person's
name. This is why HB-1119 is such a valuable tool in preventing
identity theft. By being forewarned about a company's breach, an
individual can then be alert to his credit report, and can request that
the credit bureaus put a fraud alert on his accounts. In July, he will
be able to freeze his accounts when he receives a security breach
notice—“effectively stopping the crime from happening and saving
himself from becoming a victim of identity theft” said Wilmouth.
Consumer
groups, the sponsor, and the industry are working to strengthen the
language for when a company needs to inform individuals of its security
breach.
