xml:space="preserve">
xml:space="preserve">
Advertisement

Freeze your credit before you get burned

Thanks to a new law, Marylanders may freeze their credit reports once for free as of Oct. 1st, and now more than ever, it is in your interest to do so. Equifax, a credit monitoring agency, was recently hacked, exposing the sensitive personal information of at least 145 million people. And last week, Yahoo disclosed that all 3 billion of its email account holders were affected by a 2013 data breach — triple the initial estimate.

A credit freeze will safeguard against anyone else accessing your credit report to apply for lines of credit in your name, even if they've already stolen your information. To get this protection, you must arrange a freeze at all three of the major credit monitoring companies: Equifax, Experian and TransUnion. Information about how to do this may be found the Federal Trade Commission website, among other places.

Advertisement

This year, I sponsored and led passage of the credit security freeze consumer protection law — along with Democratic Delegate Jeff Waldstreicher and with the support of Attorney General Brian Frosh — that allows consumers to obtain a security freeze without paying a fee regardless of whether their information was compromised. This law will help you proactively prevent identity theft before your family gets burned.

House lawmakers sharply criticize Equifax's former chief executive over the credit rating company’s massive data breach, and some call for tougher cybersecurity legislation to protect Americans’ sensitive information.

There is a troubling irony that after we spent two years debating the credit reporting agencies about the need to eliminate fees that may discourage consumers from freezing their credit when their financial identity is at risk of being appropriated, and now a data breach occurs on their watch while we are expected to pay them for their "service." Initially, we also wanted to prohibit a fee on a temporary lifting of the freeze (thawing) in our legislation, but that language was amended out of the bill due to effective lobbying efforts. The governor chose not to sign the compromise bill; it nevertheless became law.

Since then, we've learned that Equifax may have been careless with security patch updates while using our personal information as a commodity. Individuals are not Equifax's customers; the credit companies are, and our personal information is their product. USPIRG recommended that everyone freeze their credit as a default precaution before the last dozen or so data breaches, and now after the Equifax data breach, there should be less debate about the wisdom of a preventive security freeze, especially for our minor children.

Minors are less likely to have personal information with Equifax; however, it is worth mentioning that Maryland has an older law that gives parents the ability to freeze their children's credit. The financial identities of children are the most lucrative for thieves. Children are unlikely to check their credit score, so an identity thief has more time with their information, allowing more serious harm to accumulate.

 

Even if you are able to put the genie back in the bottle, the stress, time and effort required will be a nightmare. Protect yourself and your family. It is only a matter of time before you or someone close to you will have their financial identity stolen.

As government regulated monopolies, the three credit reporting agencies have an important quasi-governmental function that we all should value. However, if those companies do not adequately value the individuals whose data they track, I, as an elected state official will continue to step in and make sure that the rules of the road protect consumers, not just the bottom line of Equifax. Therefore, next legislative session, I plan to introduce a follow-up bill to extend the consumer protection law to cover free thawing of the freezes, subsequent freezing, as well as extend free credit freezes to child/guardians, and require free credit monitoring by the companies responsible for your personal information, under certain circumstances.

As of Jan. 1, 2018, there will also be an update to the Maryland Personal Information Protection Act (MPIPA), from another bill for which I was the lead sponsor, with Democratic Dels. Ned Carey and Mary Ann Lisanti. Chapter 518 (2017) will set specific timelines for reporting data breaches of personal information. The updated MPIPA will also help to guard new types of personal information such as your email account and biometric information. Be vigilant with your personal information, but also be realistic that criminals likely already have some of it. So, protect yourself. Freeze your credit before you get burned.

Maryland State Sen. Susan C. Lee (susan.lee@senate.state.md.us), a Democrat, is a member of the Maryland Cybersecurity Council and the co-chair of the council's Subcommittee on Law, Policy & Legislation. She was the Senate lead sponsor of SB 270, which passed during the 2017 Maryland General Assembly Legislative Session.

Advertisement
Advertisement
Advertisement