ID theft measure set for final OK
|By April Simpson|
|7/17/2007 – The state Senate is poised to give final approval today to a bill that would allow consumers to block new credit accounts in their name, require businesses and governments to alert consumers of security data breaches, and set standards for the disposal of records containing consumers’ personal information.
Sign up for: Globe Headlines e-mail | Breaking News Alerts The compromise, which was approved by the House last week, follows high-profile security breaches at Fidelity Investments, The Boston Globe, and Framingham retailer TJX Cos., which earlier this year told customers that hackers had gained access to more than 45 million credit- and debit-card numbers from its computers.
“We wanted to get a good bill out, and we got a good bill out that would give individuals peace of mind that if their personal data is lost or stolen, they will be notified,” said state Representative Michael J . Rodrigues, Democrat of Westport, a sponsor of the identity theft bill who helped craft the compromise.
The legislators who ironed out the few differences between the House and Senate versions of the consumer-protection legislation said the bill is a user-friendly way for customers to protect their personal information.
The bill would require companies and agencies to notify customers or clients of any security breaches that may place their personal information at risk, said state Representative William M . Straus, Democrat of Mattapoisett, who also sponsored the bill.
The information generally would include a Social Security number and identifying information that would allow a criminal to open a credit account in someone else’s name.
Under the bill, consumers could also pay $5 to block new credit accounts.
Consumers would create a password or PIN number that would authorize whether the three major credit reporting agencies could release their information in response to a credit application, according to Eric Bourassa, an advocate for MassPIRG, a nonprofit consumer group.
A third part of the bill sets standards for government and businesses to dispose of records of consumers’ personal information, including paper, computer, and biometric records, such as fingerprints and eye scans.
“The typical destruction method would be shredding, incinerating, or what’s called pulverizing,” Straus said.
“That, from a long-term sense, may end up being the most important part of the bill, because hopefully less sources of information about people will get inadvertently disposed.”
Bourassa said he was largely pleased with the bill, but pointed out that companies are not required to notify all customers of security breaches but only those whose personal information is deemed to be at risk.
“Obviously, the term ‘risk’ is in the eye of the beholder,” said Bourassa, who said he was concerned that, depending on how risk is defined, some defrauded consumers could slip through the cracks.
Straus and Rodrigues, who sponsored the House legislation, said that it is possible that questions of criminal penalty may arise. But those penalties would be decided by the Judiciary Committee, they said, since this bill’s focus was on protecting consumers.
Bourassa said Massachusetts has lagged behind other New England states in crafting identity theft legislation, “but this bill will put us at the top of the country in terms of being a proconsumer” state.