Testimony of the Maryland Public Interest Research Group
in Favor of HB 281 (Kagan) To Help Stop Identity Theft
By Preventing Coercion of Social Security Numbers By Private Businesses
By Gigi Kellette, MaryPIRG Legislative Associate
14 February 2002
Members of the Committee: MaryPIRG is pleased to endorse HB 281, as introduced, to help consumers protect their Social Security Numbers in the private sector. Unfettered availability of Social Security Numbers, combined with sloppy credit-granting practices of credit card companies and other businesses, makes it easy for identity thieves to ruin a consumer’s life. HB 281 will prevent companies from demanding a consumer’s Social Security Number as a condition of doing business by making it an unfair trade practice to do so, except in limited circumstances. As you may know, MaryPIRG is a non-partisan, non-profit statewide consumer and environmental public interest advocacy organization with members across the state.
We would like to especially recognize and commend Delegate Cheryl Kagan for her national leadership with this proposed legislation to return control of confidential financial information to consumers. MaryPIRG supports  similar bi-partisan federal legislation that has been proposed in Congress by Reps. Clay Shaw (R-FL) and Robert Matsui (D-CA), HR 2036, and its Senate companion bill, SB 1014, sponsored by Senator Jim Bunning (R-KY). Yet, to our knowledge, if the bill were to pass in Maryland, we would be among the first states to enact legislation protecting consumer Social Security Numbers from being demanded as a condition of doing business. If HB 281 were enacted as introduced, Maryland would have the strongest law in the country. We urge Maryland legislators to support the bill and make Maryland a national leader in protecting Social Security Number privacy and fighting identity theft  .
We have discussed this bill with national privacy experts at the Electronic Privacy Information Center and the Privacy Rights Clearinghouse. They concur with our views that preventing access to the Social Security Number in the private sector by enacting HB 281 would be a significant privacy victory.
HB 281 is a simple, straightforward, clearly written bill, which is always a hallmark of good legislation. Yet, the bill is also a common sense approach to the problem that does not go overboard. It prohibits companies from coercing a consumer’s Social Security Number, but includes a clear, bright line exception that makes a great deal of sense and should make it clear that Delegate Kagan’s bill is also a reasonable approach. Whenever a company is required to obtain a Social Security Number by law, it is able to do so under HB 281.
Privacy advocates do not oppose all uses of the Social Security Number. We recognize that exceptions should be permitted where there is such statutory authority. However, allowing companies to routinely demand Social Security Numbers in the private sector has led to over-reliance on Social Security Numbers. In the opinion of both state PIRG experts and other privacy experts, easy availability of Social Security Numbers in the private sector has led to an epidemic of identity theft.
IDENTITY THEFT IS A SIGNIFICANT PROBLEM FOR ITS VICTIMS
Identity theft is a serious national problem that, according to some government estimates, may affect 500,000 or more consumers annually.  The state PIRGs were among the first organizations to respond to the identity theft problem. We have released three major reports since 1996. Our May 2000 report, “Nowhere To Turn: A Survey of Identity Theft Victims” found that identity theft victims spend two years or more removing an average of $18,000 in fraudulent charges from their credit reports. Among the other findings of the report are the following:
· The average amount of time it took victims to resolve their cases was nearly 2 years (23 months). Victims who have not resolved their cases have been dealing with the problem for an average of 44 months.
· Victims spent an average of 175 hours and $808 in out-of-pocket costs (not including lawyer’s fees) trying to fix their problem.
· 76% of the respondents who contacted the police found them to be unhelpful; 60% found credit bureaus, banks and department stores unhelpful.
· 45% of the reported cases involved the victims’ driver’s licenses.
· 15% of the respondents noted that there was a criminal investigation or warrant for their arrest due to their identity theft.
IDENTITY THEFT IS A SIGNIFICANT PROBLEM IN MARYLAND
State PIRG-supported identity theft legislation enacted by Congress in 1998 did two things:
· It criminalized identity theft and made it easier for victims to obtain restitution from the thieves;
· It required that the Federal Trade Commission establish and maintain an identity theft victim clearinghouse.
MaryPIRG has reviewed the most recent data from the U.S. Federal Trade Commission clearinghouse <http://www.consumer.gov/idtheft/charts/01-06c.pdf> on identity theft. The data show that both Maryland and nearby Washington, DC have significant identity theft problems. Maryland is one of only 5 states where the FTC ranks the per capita incidence of identity theft at greater than 30 cases per 100,000 residents. The others are New York, California, Nevada and Oregon. Of 69,000 cases of identity theft reported to the FTC between November 1999 and June 2001, between 1-2000 occurred in Maryland. In addition, nearby Washington, DC is in the Top Ten cities in the city categories reported—number of victims and number of suspects.
These results show that it makes sense for the Maryland legislature to take steps to stop identity theft. The state PIRG report “Nowhere To Turn” details our full platform to combat identity theft. [The report is available on the web at http://calpirg.org/CA.asp?id2=3683&id3=CA&]
PLEASE OPPOSE UNNECESSARY EXCEPTIONS
Limiting access to the Social Security Number is a key aspect of our platform. Credit card companies and credit bureaus have grown sloppy in their credit granting practices. If an identity thief provides as little as a Social Security number and a name in a credit application, a credit report is often issued, without obtaining any other matching elements of the application and the report, such as the consumers’ full name, current address and previous address. When the creditor sees that the credit report reflects a good credit history, that’s all that matters and it issues credit, to the thief. The victim is left to pick up the pieces.
Limiting access to the Social Security Number, which was never intended as a universal identifier, will force creditors, utilities and other companies to rely on better identifiers that are not keys to a consumer’s financial life. That action will reduce identity theft.
We encourage you not to accept amendments to the bill that would broaden its bright line exception (“except for the purpose of meeting a legal requirement”) to allow other firms to coerce a consumer to provide his or her Social Security Number. We expect many that don’t need it will ask for exceptions to HB 281. Telephone companies, cable companies and other utilities often ask applicants for Social Security Numbers, for example, but consumers tell us that when they refuse to give their Social Security Numbers, the company provides service anyway.
These firms can easily obtain credit reports, if needed, by matching several other identifiers in the application and credit report, such as the consumer’s full name, full address, date of birth, telephone number and mother’s maiden name. The Social Security Number is unnecessary and its use is driving the epidemic of identity theft.
In summary, MaryPIRG believes that enactment of Delegate Kagan’s bill, HB 281, will help end reliance on Social Security Numbers as identifiers in the private sector. In fact, the bill will extend protections to the private sector that are already provided before government agencies are allowed to ask for a Social Security Number (see Section 7 of the Privacy Act  ). This is an important step that will not only help end identity theft, but will also help return of a consumer’s private information to where it belongs—to the consumer.
We urge the committee to adopt the Kagan bill, without creating a series of exceptions that will weaken it and allow identity theft to continue to grow. Enactment of this bill would make Maryland a national leader in fighting identity theft. We would be happy to assist the committee in its further consideration of this important issue. Thank you for the opportunity to testify before you today.
 See 22 May 2002 testimony to Congress of MARYPIRG National Consumer Advocate Edmund Mierzwinski on the Shaw bill, HR 2036, <http://www.pirg.org/consumer/ssn22may.htm> which includes an identical anti-coercion section to that of HB 281. Link to full hearing: <http://waysandmeans.house.gov/socsec/107cong/ss-4wit.htm>
 California has also enacted similar limits on private uses of the Social Security Number, with broader exceptions. See SB 168, State Senator Debra Bowen, signed by governor 10 Oct 2001, http://www.leginfo.ca.gov/pub/bill/sen/sb_0151-0200/sb_168_bill_20011011_chaptered.html In addition to its Social Security Number use restrictions, SB 168 includes sweeping new identity theft victim protection, such as a credit report security alert blocking provision that only allows release of a credit report by a consumer-initiated password.
 For details on this and other identity theft developments, see Congressional testimony of state PIRG consumer associate Janine Benner, 13 September 2000 (link to full hearing <http://www.house.gov/financialservices/91300toc.htm>)
 U.S. Privacy Act of 1974, Public Law 93-579.