Under the Federal Trade Commission’s (FTC) Fair and Accurate Credit Transactions Act (FACTA), consumers can place or remove fraud alerts or truncate their Social Security number in their file disclosures. This legislation was enacted on Dec. 4, 2003, and amends the Fair Credit Reporting Act.

The FTC’s final rule defines “identity theft” as a fraud that is committed or attempted, using a person’s identifying information without authority. The rule also states that “identifying information” should have the same meaning as “means of identification” in the federal criminal statute defining identity theft.

Consumers need “identity theft reports” to place an extended fraud alert on their credit file and to block information resulting from identity theft from appearing in their credit files. To prevent misuse of identity theft reports for credit repair scams, the FTC’s rule requires that consumers allege the identity theft with as much specificity as possible and enables credit bureaus or creditors to request, with certain limitations, reasonable additional information to help them determine if identity theft actually occurred.

Another rule addresses the “appropriate proof of identity” needed to block fraudulent information on a consumer’s credit report, place or remove a fraud alert, or truncate consumers’ Social Security numbers in their file disclosures. The rule requires the credit reporting agencies develop “reasonable requirements” to ensure, at a minimum, that consumers are matched with their files.

The complete article is available at: http://www.ftc.gov/opa/2004/10/facataidtheft.htm

The Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions.

The GLB Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to “financial institutions,” which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers.

For a summary overview of the Financial Privacy Rule, see In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act.

The complete article is available at http://www.ftc.gov/privacy/glbact.

Bill No. 698 is now in effect. It relates to the disposal of certain business records that contain personal identifying information, providing a civil penalty.

It addresses the Business & Commerce Code, identifying “Personal and identifying information” as information that alone or in conjunction with other information identifies an individual, living or dead.  The term includes an individual’s:

(A) Name, date of birth, or Social Security number or other government–issued identification number;

            (B) Mother’s maiden name;
            (C) Unique biometric date, including the individual’s fingerprint, voice print, and retina or iris image;
            (D) Unique electronic identification number, address, or routing code;
            (E) Telecommunication access device, including debit and credit card information;
            (F) Financial institution account number or any other financial information; and
            (G) Telephone number.

Bill No. 698 also amends the Business & Commerce Code in Section 35.48, as such:

• A business that disposes of a business record that contains personal identifying information of a customer of the business shall modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable.
• A business that does not dispose of a business record of a customer in the manor required by Subsection (d) is liable for a civil penalty of up to $1,000 for each record. The attorney general may bring an action against the business to:
• recover the civil penalty;
• obtain any other remedy, including injunctive relief; and
• recover costs and reasonable attorney’s fees incurred in bringing the action

This Act applies to the disposal of business records without regard to whether the records were created before, on, or after the effective date of this Act. This Act took effect September 1, 2005. For more information or the complete bill, please see www.capitol.state.tx.us/tlo/79R/billtext/HB00698F.HTM