Colorado legislators seek tougher consumer protections against ID theft

Colorado legislators seek tougher consumer protections against ID theft

(AP Photo/David Zalubowski, file)

It wasn’t the breach at Equifax, the national credit reporting agency, that caused his problems. It was through a health insurance company, a fact he called frightening and daunting.

Wist said his experience, and a second one in which a meth ring stole his Social Security number, points to the need for greater consumer protection in Colorado. Wist and Rep. Jeff Bridges, D-Greenwood Village, worked with the state Attorney General’s Office to come up with House Bill 1128 to better protect Coloradans.

The measure takes aim at more than credit reporting agencies such as Equifax, which reported last September that hackers had obtained the personal information of 143 million Americans, the largest such breach in U.S. history.

Any company or government that uses personal information – insurance or credit card companies or companies that do background checks, for example – would be affected by the bill.

It has three provisions: Companies that use personal information must delete it as soon as it’s no longer needed; the information must be kept secure; and consumers must be notified quickly when breaches occur, through phone, email, the postal service or a combination of those means. Information covered under the bill includes first name or initial, last name, Social Security number, driver’s license or identification card number; account numbers, such as from credit or debit cards; health insurance and medical information; user names, passwords and security questions and answers.

Timeliness of notification is critical, Wist said Monday. The bill requires the company or government to notify the Attorney General’s Office of a breach within seven days; for consumers, it’s 45 days. The disclosure would include a description of the information compromised; the date of the breach; toll-free numbers, addresses and websites for consumer reporting agencies and the Federal Trade Commission; and information on how the consumer can contact the entity that was breached.

The Equifax breach was handled badly, Bridges said. The website looked "spammy," and the company even tweeted a fake phishing site to consumers for days after the breach was discovered, he said.

Attorney General Cynthia Coffman was interested in the issue before Equifax was breached, he said, congratulating her for keeping the issue in the forefront.

He acknowledged that this measure may be an additional burden on companies. But anyone who holds such information has an obligation to protect it, he said.

"Everyone knows this is a problem, but when it happens to you, it’s a nightmare," Wist said.

Two other nearly identical measures introduced last week also seek to protect consumers in the wake of the Equifax breach.

The first, sponsored by Rep. Polly Lawrence, R-Roxborough Park, would allow a parent or guardian to put a security freeze on the consumer report of a child under age 18.

A bill sponsored by Speaker of the House Crisanta Duran, D-Denver, and Rep. Kim Ransom, R-Littleton, would make a security freeze mandatory for those under age 18.

A fourth such measure now awaiting House action is an opt-out bill by Rep. Dave Williams, R-Colorado Springs. All have been assigned to the House State, Veterans and Military Affairs Committee, which is not expected to act as a "kill" committee on this issue. The Wist/Bridges and Lawrence bills are scheduled for a Feb. 7 hearing.

Source Article

Leave a Reply

Your email address will not be published. Required fields are marked *