States have been responding to the recent rash of security breaches by passing strong identity theft protections. In the beginning of the year, only four states—CA, LA, VT and TX-- had passed "security freeze" laws that allow consumers to restrict access to their credit reports and prevent thieves from taking out credit in their names. And only California required companies to notify consumers when their personal information had been compromised. Now, a total of ten states have passed security freeze laws and at least fifteen states have passed security breach notification laws based on the CALPIRG-backed California laws. In addition, the New Jersey General Assembly has passed what would be the strongest security freeze law in the country, as it would take a step forward by making security freeze tool easier for all consumers to use. That bill awaits action by the New Jersey Governor, and he has publicly supported the bill.
Unfortunately, as more and more states push for tough ID theft protections, Congress is looking to pass weak identity theft legislation that would preempt the states. Several federal security breach notification bills are pending that would establish notification standards that are weaker than current state laws, and that would prevent states from passing stronger protections. The PIRGs are fighting efforts at the federal level to preempt state consumer laws, and continue to work for strong state identity theft protections. The State PIRGs have new webpage chronicling state successes at http://www.pirg.org/consumer/credit/statelaws.htm
Contacts: CALPIRG Legislative Director Steve Blackledge, sblackledge@calpirg.org, 916-448-4516 x108; NJPIRG Citizen Lobby Advocate Abigail Caplovitz, acaplovitz@njpirg.org, 609-394-8155 x320; Kerry Smith, ksmith@pirg.org, 215-732-3747 (trends on state policy); U.S. PIRG Consumer Program Director Ed Mierzwinski, edm@pirg.org, 202-546-9707 (federal policy issues).
