Fact Sheet 11 April 2003

Put the FAIR Back In

Fair Credit Reporting

  Overview of PIRG’s Privacy and Identity Theft Platform Return To PIRG's Credit Reporting and ID Theft Pages

Take Action. Oppose federal proposal that would prevent states from passing stronger privacy laws. 3 Sept 03 Take Action: Urge Congress To Protect State Identity Theft and Financial Privacy Laws. Find out more.

Support ID Theft, Accuracy Reforms

Two laws protect financial privacy. The stronger law, despite some flaws, is the 1970 Fair Credit Reporting Act (FCRA). Industry wrongly seeks to extend (reauthorize) a temporary preemption provision added in 1996, which expires on 1 January 2004. The other law nominally protecting financial privacy is the 1999 Gramm-Leach-Bliley Act (GLB). That law is weak, and largely based on notice, not on consent. GLB does, however, give the states the right to enact stronger financial privacy laws. Privacy will be better protected if the FCRA preemption expires, since opponents of privacy have used a confusing intersection between the two laws to chill state consideration of stronger privacy laws.

Today, in 2003, complaints about credit bureau errors continue. A new report by the Consumer Federation of America shows shocking discrepancies in credit scores derived from credit reports obtained from the three largest credit bureaus. These errors hurt thousands, if not millions of consumers, who end up paying too much for sub-prime home loans and sub-prime credit cards.

Worse, identity theft is skyrocketing. Identity theft complaints led all complaints to the FTC in 2000, 2001, and 2002 and doubled in 2002. Identity theft happens for two reasons: easy availability of Social Security Numbers and sloppy practices of creditors and credit bureaus.

Credit scores derived from credit reports are being used improperly to deny or non-renew insurance, resulting in scrutiny by dozens of legislatures and insurance commissioners. Several states, led by Maryland, Hawaii, Washington State and others, have moved to severely restrict the use of credit scores for insurance purposes. The affected consumers have otherwise perfect insurance claims and payment records.

PIRG’s Platform To Protect Privacy

·         Let FCRA Preemption Expire: Credit bureaus make mistakes that lead to both identity theft and unfair credit denials. On 1 January 2004, a temporary provision blocking many state actions to strengthen the FCRA expires. Congress should let the preemption expire for several reasons, but especially because industry has used it to block stronger state financial privacy laws. The FCRA does not need to be reauthorized by law; powerful industry lobbyists want to weaken it by extending its temporary preemption provision.

·         Protect Social Security Numbers: Enact bills like the 107th’s HR 2036 (Shaw)/S 1014 (Bunning). These bill stop companies from coercing consumers into giving up their Social Security Number as a condition of doing business. Oppose data dealer-backed bills such as the 108th’s S. 228 (Feinstein)/HR 637 (Sweeney). These bills would legalize sweeping business-to-business exceptions to allowing continued use of SSNs.

·         Fight Identity Theft: Strengthen rules so that banks, department stores and credit bureaus stop aiding and abetting identity theft. PIRG supports S 223 (Feinstein-Grassley-Gregg-Corzine) in the 108th—except for its provision immunizing reseller credit bureaus. The 107th Congress House counterpart, HR 3053 (Hooley) is expected to be re-introduced shortly. Although not identical, these bills give consumers tools to prevent identity theft and clear their names it if happens.

·         Ban Insurance Uses of Credit Scoring: State insurance commissioners are flooded with complaints from consumers who are being non-renewed home and auto insurance, even though they’ve never filed a claim. States and Congress should ban unfair uses of credit scores (derived from error-ridden credit reports). Congress should also enact bills such as the 107th’s HR 1176 (Ford) to give consumers free access to credit reports and credit scores. Return To PIRG's Credit Reporting and ID Theft Pages


Right To Sue Credit Bureaus Restricted By Supreme Court.  Statute of limitations too short

Many members, on a bi-partisan basis, introduced PIRG-supported legislation in the 107th to overturn the Supreme Court’s 2001 Andrews vs. TRW decision limiting the statute of limitations for suing credit bureaus to only 2 years following the date of an error, instead of 2 years after a consumer discovers an error. S. 22 (108th) includes an unacceptable version of this correction, that only applies to identity theft victims, not to all consumers who suffer injury due to credit report errors. Further, it only extends the discovery rule to a maximum of 4 years after a bureau commits a violation.

Stop Coercive Demand for Social Security Numbers: Pass Bi-Partisan Bills Similar To 107th Proposals By Shaw (HR 2036) and

Bunning (S 1014)—Oppose industry-backed alternatives (S 228/HR 637) in the 108th.

Using the SSN as a de facto unique identifier demanded by utilities, banks and even video stores places consumer privacy at risk and makes it easier to find out confidential information, including medical information, about a consumer. Congress should prohibit firms from coercing consumers into providing their SSNs as a condition of doing business. Unlike weaker alternative bills, these bills would not legalize so-called business-to-business use of SSNs—a massive loophole sought by credit bureaus, private detectives, information brokers and other data dealers that would only lead to more stalking and more identity theft. Worse, unless we restrict the SSN, we will never wean business from its over-reliance on a number intended to be used for limited government purposes.

Identity Theft Reform: Support S 223 (Feinstein-Grassley-Gregg-Corzine): Comprehensive ID Theft legislation based on PIRG/Privacy Rights Clearinghouse Platform

-- Banks, department stores and credit bureaus aid and abet identity theft.

Sloppy practices by banks, department stores and credit bureaus have led to an epidemic of identity theft affecting an estimated 500-700,000 victims annually. The victims spend an average of $800 out-of-pocket and 175 hours clearing their names of false, fraudulent information that causes them to be denied legitimate credit and insurance in their own names and ruins their lives. Congress and the states must impose stiffer duties on credit bureaus, banks and department stores to match credit applications better. S. 223 would provide consumers with several tools: an annual free credit report, make fraud alerts effective, make it tougher for id thieves to obtain credit in your name at a new address and protect credit card numbers from fraud. The bill’s safe harbor for reseller credit bureaus, however, must be removed.

It sounds good to lengthen the penalties for identity theft crooks, but it is not enough. Sloppy bank, department store and credit bureau practices must be stopped and consumers must be given tools to protect their names and clear their names.

GLB Inadequate To Protect Financial Privacy:

-- Allow States to Pass Stronger Laws

-- Notice Is Not Enough To Protect Privacy

-- Let Temporary FCRA Expire

The 1999 Gramm-Leach-Bliley Act allowed the establishment of massive financial holding companies and created massive privacy problems due to sharing between affiliates and third parties of confidential details on consumer’s financial lives. So, Congress included Title V to protect privacy. Title V has failed: it is primarily based on privacy policy notices: notice is not enough. Congress knew this. GLB’s Sarbanes amendment supposedly gave the states a clear right to pass stronger privacy laws, but industry has confused the issue. The best hope for state financial privacy laws as GLB intended is the expiration of FCRA preemption, which will prevent unwarranted industry litigation and give states clear authority to enact stronger financial privacy laws applying both to affiliate sharing (notice is the only current protection under federal law) and third party sharing (some but not all transactions are subject to a weak opt-out).

For more information: Contact Ed Mierzwinski at the state PIRG national office, 202-546-9707x314 or see http://www.pirg.org/consumer

U.S. PIRG  ***  218 D St, SE *** Washington, DC 20003
Return To PIRG's Credit Reporting and ID Theft Pages