According to a September 2003 Identity Theft Resource Center study, ID theft victims spend an average of 600 hours and $1,400 in out-of-pocket expenses recovering from the crime and restoring their good name. Businesses suffer losses of more than $92,000 per name used for identity theft, up 410 percent from $18,000 in 2000.
To crack down on identity theft in California, Sen. Debra Bowen has introduced a three-part bill, SB 1279.
The first provision makes it illegal for companies and government agencies to release personal financial information without getting permission from individuals or informing them, as is currently legal.
This provision of SB 1279 stems partly from two different January 2004 incidents involving Bank of America (BofA) and the state Employment Development Department (EDD). In the BofA case, it inadvertently mailed 3,800 tax forms containing people's financial information and their Social Security numbers to the wrong recipients. In the second case, EDD's computer system containing the personal information of about 90,000 people was hacked into, though it's not clear whether any personal information was taken. Current law requires companies and government agencies whose security systems are breached to tell people if their personal information may have been stolen, but it's silent in cases where, for example, a company inadvertently releases the same personal information.
SB 1279 expands current law to require government agencies and businesses to notify people anytime their sensitive personal information is exposed. It also requires government and businesses to provide people whose personal information is exposed with free credit monitoring services for two years.
The second piece of SB 1279 gives every Californian the right to add a password to their credit report. Unlike the credit report freeze created by Bowen's 2001 law (SB 168), the credit report password functions as an additional identifier that must be matched before a credit report can be pulled and before new credit can be approved. Without the password, identity thieves using stolen Social Security numbers and other personal data will be denied credit because they won't be able to give the financial institution all of the information that unlocks their victim's credit report.
The third and final provision of the bill prevents hotels and other businesses that use key cards for facility and room access from putting people's personal data (name, address, Social Security number, credit card number, etc.) on the key card.
SB 1279 will be assigned to a senate policy committee in the coming weeks.
