33 Pages Posted: 19 Jan 2006
Date Written: November 2005
States have long taken the lead in protecting consumers' privacy and ensuring the accuracy of credit reports. In 1992, Vermont was the first state to pass a law providing a free annual credit report on request, followed by Colorado, Georgia, Maine, Maryland, Massachusetts, and New Jersey. California adopted other comprehensive reforms in 1994. California later became the first state to require disclosure of credit scores and protections for identity theft victims. In 2003, Congress followed the states' lead in these areas, adopting the free credit report and access to a credit score as well as enacting some new identity theft protections.
The model law proposes additional safeguards in some of the numerous areas which the 2003 federal FACT Act left for future action by the states. The model law's provisions address some of areas where federal law permits states to give consumers greater protection.
The State Clean Credit and Identity Theft Protection Act offers specific, workable provisions that state legislatures can adopt to reduce the risk of identity theft and to give consumers tools to prevent some of the harm from identity theft. By the end of 2005, 21 states have passed some form of notice of breach legislation, while 12 states have passed security freeze laws with more states currently considering such legislation. The model law offers specific types of protections, many of which have actually been adopted by state legislatures.
This updated version of model identity theft legislation has been compiled with the intent to put forth the best language and practices in providing consumers with protections from identity theft. This model law was first issued in 2004, and has provided a framework for state bills, particularly on security freezes and notice of data breach, throughout the country. Most of the changes in this 2005 revision are updates to reflect improvements that have been adopted, or considered, in state legislatures. The model act addresses the following in eleven sections:
- Security Freeze;
- Protection for Credit Header Information;
- Right to File a Police Report Regarding Identity Theft;
- Factual Declaration of Innocence After Identity Theft;
- Consumer-Driven Credit Monitoring;
- Prevention of and Protection From Security Breaches;
- Social Security Number Protection;
- Banning Credit Scoring and Insurance Scoring for Use in Insurance Decisions;
- Adequate Destruction of Personal Records; and
- Severability Clause.
The model law can be enacted as discrete, separate pieces of legislation or as a single package. If enacting a provision separately, states should use any definitions from section one that are referenced in that provision. In addition, states should include the severability clause outlined in section eleven of the model law when enacting any of its provisions.
Each section of this model law has an introduction, explains the section, describes similar state laws, and contains explanatory footnotes. The Appendix provides an extensive analysis of the authority of states to enact laws in the areas covered by this model law.
Keywords: identity theft, security freeze, credit file freeze, security breach, credit monitoring, credit score, insurance score, social security number protection, credit header
Suggested Citation: Suggested Citation
Public Interest Research Group, U.S. and Union, Consumers, The Clean Credit and Identity Theft Protection Act: Model State Laws - A Project of the State Public Interest Research Groups and Consumers Union of U.S., Inc. (November 2005). Available at SSRN: https://ssrn.com/abstract=846505 or http://dx.doi.org/10.2139/ssrn.846505