about jarrettcontact usen español
News Archive

January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006

December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005

December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004

December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
April 2003
March 2003
February 2003
January 2003

August 2002
July 2002
June 2002
May 2002
April 2002
March 2002
January 2002

older news

Security Breaches Are Deja Vu All Over Again
 

The data breach at TJX Companies, the Framingham-based company with over 2,500 retail outlets nationwide, is angering but hardly unprecedented: Citigroup, Bank of America, Lexis/Nexis, and Fidelity, to name few, have all recently experienced serious breaches that have compromised customer security. Just last summer, twenty-six and one-half million US citizens have their personal data -- including social security numbers – “misplaced” by the Department of Veterans Affairs. So why, after all these breaches, do Massachusetts residents have so few protections?

A full month after its data breach, TJX has decided to go public and notify its customers, though no law currently requires they give any notice at all.. Unlike TJX, many Massachusetts businesses have been far quicker to disclose security breaches to their customers. Subscribers to the Boston Globe and the Worcester Telegram & Gazette; shoppers at DSW and BJ’s Whole Sale Club; Boston College and Tufts University alumni; and investors with Fidelity, just to name a few, have all received letters telling them that their personal information was mistakenly exposed and to watch out for identity theft.

Notice of a breach is nice—indeed, without it, a consumer wouldn’t know to take protective actions. But consumers’ efforts to act on this notice quickly reveals how few protections Massachusetts residents have. In Massachusetts there are no state laws protecting these consumers before a theft has happened. Existing federal law is woefully ineffective—a mere ninety-day ‘freeze’ available to victims after they have been victims of ID theft. So if you haven’t been a victim yet, what can you do to protect yourself? Not much.

Massachusetts residents whose personal information has been compromised by the TJX theft deserve basic protections to prevent identity thieves from wreaking havoc on their personal finances. The two essential tools these victims of information breach need to prevent identity theft are straightforward: first, timely notice of a breach so that the consumer can begin to notify creditors and, second, the right to freeze third party access to the consumer’s credit history without his permission before a theft has occurred and without a charge to the consumer.

Almost half the states have stepped in where Congress has failed to act, offering some forms of consumer protections from identity theft. Twenty-three states now require companies and government agencies to notify consumers and law enforcement immediately of any data security breach.

Fourteen states now give consumers the right to put a security freeze on their credit reports. This is the only tool proven to stop identity theft in its tracks, blocking would-be thieves from getting credit in the victim's name. With a security freeze, a consumer can block access to his or her credit report through the use of a password or personal identification number. A security freeze does not hamper a consumer's ability to use existing credit, or seek new credit, as a consumer can temporarily remove the freeze by using their PIN.

Notice requirements and security freezes—along with other protections—are part of legislation I have authored with MASSPIRG and other legislators currently on Beacon Hill. At bottom, they seek to recognize a fundamental legal principle: that individuals own their data and have rights to control who can access them and what must be done if the information is mishandled.

Credit reporting agencies make a lot of money on consumers and on businesses—charging every time someone checks a consumer’s credit, and charging again to offer so-called “protection plans” which charge the consumer for the “favor” of the reporting agency not to share that consumer’s information without permission. The real question is why a consumer should have to pay a third party like a credit reporting agency anything to protect their information. And it is the reason these powerful corporations continue opposing important legislation for all residents of the Commonwealth.

With a new session starting, it is a new day for responsible identity theft legislation that gives consumers real protections—before we’ve all become victims.
 


 
last updated 26-Jan-2007 10:47 AM

The Jarrett Barrios Website is privately paid for and authorized by
The Barrios Committee, Daniel Schlozman, Treasurer
PO Box 391254, Cambridge, MA 02139 (617) 661-1805
Problems? Contact webmaster@senatorbarrios.org

Text portions, photographs, graphics, and source code © 2002-2005, The Barrios Committee. All rights reserved.
Click here for our full Privacy/Copyright/Linking Policy.