Banks don't need to notify anyone when personal information is breached
From Missouri Digital News:
MDN Menu

MDN Home

Journalist's Creed


MDN Help

MDN.ORG: Missouri Digital News
MDN Menu

MDN Home

Journalist's Creed


MDN Help

MDN.ORG Mo. Digital News Missouri Digital News MDN.ORG: Mo. Digital News MDN.ORG: Missouri Digital News

Banks don't need to notify anyone when personal information is breached

Date: April 20, 2009
By: Emily Coleman
State Capitol Bureau
Links: SB 207, SB 245, HB 314, SB 222, HB 100

JEFFERSON CITY - Sierra Smith, a law student in Columbia, used to think credit reports were for people with credit.

But about two years ago when she randomly looked up her credit report following a strange phone call to her parents' house from a collection agency, she was shocked to find her identity had been stolen at least three years previously when she was 18.

 Identity Theft Measures Being Considered

  • Require companies to notify individuals when information has been compromised
  • Require Social Security numbers to be removed from various court documents. 
  • Restrict financial institutions from disclosing private information without consent or a warrant.

"At this point, I had just started to establish credit," Smith said. "So it was very scary because here I am at kind of a transitional point in my life and I need credit to be able to move forward with my life and get loans for school and such. And someone had already totally tarnished my credit without my knowledge."

Numerous credit cards and even a local cable TV account had been opened in her name over the course of the three years.

She still doesn't know how or when her information was compromised or by whom.

Stories like that of Smith have prompted several proposals by legislators that would delve into the issue of identity theft.

One proposal, which has passed the Senate and is awaiting action in the House, would require companies to alert individuals when their personal information has been compromised.

"I think as we rely more and more on electronic data and as hackers become more savvy, the combination there, it's a better situation now for more mischief to take place and so, therefore, consumers, to be protected, have to know when their identity has been stolen," said one of the sponsors of the measure, Sen. Kurt Schaefer, R-Columbia.

Missouri is one of six states that does not require such a notification.

"There was initially some people opposed to it, but not on the idea, just on how the words are written and how it would affect certain industries," said Sen. Scott Rupp, R-St. Charles County, the other sponsor. "But we've been meeting with everybody to make sure we have good language that doesn't have any unintended consequences."

The original draft faced opposition from some banks, which were concerned they would incur undue costs in the notification process, Schaefer said. Not all banks had a problem because many, particularly banks that operate in multiple states, already have a notification process.

Schaefer said that issue has been resolved.

Only the Missouri Credit Union Association testified against the bills in during the February Senate committee hearing.

"We would have liked to have seen some reimbursement for financial institutions in this bill, but I think it's a little early to define under what conditions that would happen," said a lobbyist for the association, Peggy Nalls, at the hearing.

She said in a recent interview, however, that their concerns are no longer an issue as they are waiting to see if there are any judicial ramifications.

Two other approaches to protecting individual information have made little headway in the legislature and remain stalled in committee.

One proposal would remove Social Security numbers and other personal information from public court records in divorce and child custody cases.

"Anyone can come in off the streets, potentially look in these records and have all the tools they need to get a credit card or steal the identity of the person," said the sponsor of the Senate version, Sen. Jack Goodman, R-Mt. Vernon.

It is being considered in both the House and Senate.

House Judiciary Committee chair Bryan Stevenson, R-Webb City, said the bill is overly complicated and costly, especially during a budget crunch.

"To do all the redacting that was outlined in the legislation, it could create a tremendous amount of additional work, and we are already very short-staffed at our county clerk's offices," Stevenson said.

Rep. Belinda Harris, D-Hillsboro, the sponsor of the House bill, said the cost problem is being addressed by removing the information in future records as they occur and sealing all relevant past court records. This way the clerks would not have to go back through all the documents on record, blacking out the personal information.

"Counties don't mind having these regulations as long as it's not going to be a cost to them," Harris said. "If the state's going to mandate something, they say, 'Well, give us the money and we'll do it.' But the state doesn't have the money, either."

Goodman's version also faced objections over costs and the concern that the change would cost federal money.

Stevenson said federal law requires any court order or judgment concerning minor children to have the Social Security numbers of the parents and the child.

Goodman said these issues have been addressed by limiting what records as a whole are public instead of including information in those records.

While the Senate version had a hearing on the bill at the end of March, the House Judiciary Committee has not scheduled a hearing for it.

Another bill would require a customer's consent for the release of personal financial information. 

"People shouldn't be just given access to your accounts without having a reason to be looking at them anyway, and I think the judge is a perfect person to decide whether or not the situation warrants that," said Rep. Ed Wildberger, D-St. Joseph.

Wildberger said that some companies sell personal information and that they shouldn't be able to do that without the customer's consent.

It would also allow a person to place on the credit report a security alert saying that his or her identity has been stolen.

Wildberger said he has submitted this bill five years in a row without success.

He said that he's had problems pushing it through because the opposition is "just against all regulation" and because he's a Democrat.

For Smith, her stolen identity has continued to be a problem.

"I just got a call the other day. Someone called me to ask when I wanted to start making my payments on my 2005 Nissan Maxima, and I don't own one, never have. And so now I need to check up on that," Smith said. "So it's not only did this happen, and it's been removed, but it's still something that I'm worried about because obviously someone has access to all this information, and there's nothing I can do to get it back."

She said that though the police were helpful, there wasn't much they could do to catch the person responsible.