Consumer Federation of California

NEWS RELEASE

Privacy Advocates Call for Tough Regulation of Financial Data and Stronger Identity Theft Protections

Calegislation ‘ CALPIRG ‘
Consumer Federation of California ‘ Consumers Union ‘
Privacy Rights Clearinghouse ‘ World Privacy Forum

For release March 1, 2005

Contacts: Richard Holober, CFC (650) 307-7033 cell ‘ Jordana Beebe, PRC
(619) 298-3396 ‘ Mari Frank-attorney, privacy consultant (949) 350-
7511 (cell) ‘ Jennette Gayer, CALPIRG (213) 251-3680 x333 ‘ Gail
Hillebrand, CU (415) 431-6747 ‘ Beth Givens, PRC (619) 823-7583

ChoicePoint, Bank of America scandals underscore weakness of current laws

The recent security breaches of sensitive customer information held by
ChoicePoint and Bank of America have underscored how vulnerable
consumers are to threats of identity theft and the need for stronger
protections to reduce such fraud. Watchdog groups are calling for new
laws that provide proper oversight of businesses that collect and sell
sensitive consumer information and tougher safeguards to give consumers
the tools they need to stop identity theft before it starts.

"The ChoicePoint scandal and the Bank of America data loss are
the tip of the iceberg. The easier it gets to transfer billions of bits
of confidential data by pushing a button, the more difficult it is to
safeguard our private records," stated Beth Givens of Privacy Rights
Clearinghouse.

Privacy advocates reject ChoicePoint’s claim that it was duped
by sophisticated con artists. ‘News reports suggest that ChoicePoint
didn’t do its homework in conducting background checks of businesses
that purchase its data. ChoicePoint operates in a shadow world,
unregulated and unknown by the Americans whose personal data it sells,’
stated Richard Holober, Executive Director of Consumer Federation of
California.

If companies like ChoicePoint and Bank of America really cared
about our privacy they would be educating us about how to freeze our
credit reports and refusing to share our sensitive information without
our permission. Instead, Attorneys General from around the country had
to demand that ChoicePoint fess up to consumers that their personal
information was handed over to crooks,’ said Jennette Gayer, CALPIRGs
Consumer Advocate.

"ChoicePoint’s lack of due diligence shows it does not ‘walk
its talk’. This is a company that claims to be the leader in providing
products and services so that their customers can fight fraud and
identity theft – yet instead they have exposed perhaps millions of
innocent and unaware Americans to the danger of identity fraud. It’s
hypocrisy in the quest for profit,’ stated Mari Frank, attorney, author
of Safeguard Your Identity.

Consumer and privacy advocates are calling for legislation that:

‘ Requires information brokers to protect consumers’
personally identifiable information. Mandatory federal standards must
address issues including: security, customer screening, fraud
detection, and an opportunity for consumers to see and correct
information held about them.

‘ Requires all businesses to tell anyone whose sensitive
information has been compromised, through improper release, or
unauthorized access to electronic information and paper files (paper
files are currently not covered by California law). The notice should
include what specific information was released.

‘ Authorizes any individual whose data was compromised to place
a seven year fraud alert on his or her credit report. A fraud alert
requires creditors to contact the consumer before issuing credit in
their names. Currently a seven year alert is available only for
consumers who are already identity theft victims. This is like getting
a flu shot after you have contracted the flu. A longer than 90 day
period for an early fraud alert would help to prevent identity theft.

‘ Gives any individual the right to place a free security freeze on his
or her credit report. A security freeze would allow the consumer to
control the release of confidential data, and would allow the consumer
to lift the freeze on a selective basis, for example, when applying for
a mortgage. Any individual who receives a notice of an unauthorized
release of confidential data should be entitled to a security freeze at
no cost. Individuals should be able to establish a security freeze for
preventive purposes at no cost. For a list of pending state bills
proposing to give consumers the right to a security freeze, see:
www.financialprivacynow.org.

‘ Grants consumers who have received a notice of unauthorized
release of data the right to get a police report. Some state laws give
this right, others do not. A police report is needed to place a seven
year fraud alert on a credit report.

"Consumers need stronger safeguards to prevent identity thieves
from ruining their credit," said Gail Hillebrand, of Consumers Union.
"These reforms will give consumers the notice they need to be on guard
for identity theft when their information has been compromised by a
security breach. And by giving consumers the right to put a security
freeze on their credit file, they’ll be able to prevent crooks from
getting credit in their names."

The proposals are supported by these organizations:

Calegislation

CALPIRG

Consumer Federation of California

Consumers Union

Privacy Rights Clearinghouse

World Privacy Forum