National Consumer Credit Reporting System Improvement Act of 2003

NATIONAL CONSUMER CREDIT REPORTING SYSTEM IMPROVEMENT ACT OF 2003

Mr. REED. Mr. President, I rise today in support of the National Consumer Credit Reporting System Improvement Act of 2003, which would reauthorize expiring provisions of the Fair Credit Reporting Act. I commend Senator Shelby and Senator Sarbanes for their hard work in addressing this issue and for putting forward a bipartisan bill to strengthen our Nation's credit system. The Banking Committee has held numerous hearings on all aspects of this issue over the past year that have highlighted the concerns of consumers, regulators, and private companies.

One of the cornerstones of our national economy is consumer access to credit. Access to credit allows for smooth functioning of our national economy with consumers able to get loans for homes, cars, and commercial purchases.

This is all made possible by having a national credit system, as first put into place by the Fair Credit Reporting Act in 1970, and then standardized by the 1996 amendments to the act. Uniform national standards have improved the efficiency of the system by reducing the regulatory burden on lenders, thereby allowing them to pass on better service and lower costs to consumers. Automated underwriting systems translate to quicker credit decisions and more convenience for borrowers and lenders alike, while making risk-based decisions more accurate.

Failure to reauthorize national standards would balkanize our national credit system and potentially hurt every consumer in America. The Banking Committee recognized this and voted unanimously to report S. 1753.

This important legislation includes numerous consumer protections against identity theft. I am alarmed by the abuses that have resulted in identity theft. With more and more financial and personal information being exchanged through electronic channels, there is an inevitable trade-off-sensitive information can fall into the wrong hands.

Over the past several years, identity theft has become a significant problem in the United States. According to a recent survey by the Federal Trade Commission, 9.9 million Americans were victims of identity theft in 2002, at a tremendous cost to consumer victims of $5 billion in out-of-pocket expenses and $48 billion in losses to business and financial institutions. Indeed, complaints to the FTC about identity theft have nearly doubled every year for the past 5 years.

By its very nature, this challenge requires coordination between the public and private sectors and between local, State, and Federal government. Identity theft is costly to consumers, costing New England alone over $44 million in 2001. The impact on private financial institutions should be no less obvious, and these companies are essential to any attempts at prevention and consequence management.

S. 1753 represents a major step in this public-private effort to combat identity theft. Among many provisions, it would allow victims of identity theft to place fraud alerts in their credit reports, block fraudulent transactions from being reported, and prevent false information from "repolluting" credit reports in the future. It would require businesses to truncate credit and debit card account numbers on printed receipts. And it empowers consumers to ensure the accuracy of their own credit history by granting them a free annual credit report from national credit reporting agencies.

These are good steps. However, I believe that S. 1753 can be improved to address several other closely related consumer and privacy issues. We are seeing an increasing number of successful breaches of security at banks and processing companies, and we should address this trend head on in this debate. Just this past February, a computer hacker accessed 10.2 million credit card and debit card account numbers by breaking into a database maintained by a third-party transaction processor. This was the biggest credit card security breach ever in terms of the number of cards affected.

Citizens Bank, located in my home State of Rhode Island, felt that this breach posed a significant enough risk to cancel the debit cards of nearly 8,800 customers and issue them new cards. I applauded this quick effort to protect consumers. Unfortunately, not every bank matched Citizen's level of consumer care, and many decided that the cost of reissuing cards or informing their customers exceeded the risk to consumers.

In light of this less than comprehensive response, I would like to highlight one particularly troubling practice during this incident. According to media reports, even though some credit card issuers learned of the database intrusion early in February, they waited several weeks before disclosing the incident. Even with the zero-liability policies for the vast majority of major credit cards, debit card holders could see their bank accounts depleted, and all affected customers still run the risk of being victims of identity theft, even months or years after the security breach occurred.

Senator Corzine has introduced an amendment that would require financial institutions, creditors, and users of credit reports to notify the FTC when the security of consumer financial information is accessed in an unauthorized manner. A mandatory and timely disclosure of such breaches will allow the Federal Government, along with the institutions and consumers, to closely monitor transaction information and mitigate the resulting damage from the breach.

An amendment from Senators CANTWELL and ENZI would further enhance these identity theft provisions with language from a bill passed unanimously by the Senate last year. Their amendment would establish a single uniform procedure for individuals to establish that they are victims of identity theft, requiring a notarized FTC affidavit, a government identification, and a police report. It then gives these victims access to any business records related to their identity theft-related fraud, which today is a time-consuming and difficult task.

I would also be remiss if I did not address the much broader topic of privacy, a topic that is one of the most important issues to the American public. Privacy is important to Americans, as evinced by the overwhelming outpour of support for the national do-not-call registry, financial privacy legislation in California, and the Senate's unanimous vote against email spam. Indeed, Supreme Court Justice Louis Brandeis championed the right to privacy, calling it "the right to be let alone, the right most valued by a civilized people." I believe that we must continue the privacy debate that we began with the Gramm-Leach-Bliley Act and find the appropriate balance between consumers' privacy and the efficient operations of financial institutions.

I commend Senators SHELBY and SARBANES for including a targeted opt-out for affiliate sharing for marketing purposes in this bill, but I am not convinced that this step is sufficient. When Congress passed the amendments to the Fair Credit Reporting Act in 1996, affiliate sharing had a very different meaning. The Gramm-Leach-Bliley Act had not yet been passed, and massive financial services holding companies had not emerged. Today, according to the Federal Reserve's National Information Center, the largest bank holding company has at least 1639 affiliates as of June 30, 2003. The meaning of affiliate sharing has changed, and will likely continue to change as the financial services industry adapts to changing times.

In its report to Congress on the economics of financial privacy, the Congressional Research Service argues that in a world with imperfect information, financial institutions would have an incentive to offer some compensation to their customers if they had to obtain their consent to use and share their information. The CRS report makes a good point. Consumers' financial information is inherently valuable, and they should have the right to prevent it from being shared for marketing or other profitable purposes. Indeed, as personal financial information gets passed from affiliate to affiliate and is handled by an increasing number of people, consumers will be placed at a higher risk of becoming victims of identity theft. The choice of how that information is spread should ultimately be theirs.

Senators FEINSTEIN and BOXER have put forward a reasonable compromise on the matter of privacy and affiliate sharing. This amendment on affiliate sharing was drawn from the California Financial Information Privacy Act, which was negotiated over the course of four years with industry and consumer representatives. There is no reason for me to believe that the situation has changed dramatically since the interested parties supported that legislation.

Finally, I would like to speak in support of one of Senator Feinstein's other amendments on medical information. Even more than financial data, health-care related information should enjoy a special protection so that individuals will feel free to seek appropriate medical interventions and share all pertinent information with their doctors. Senator Feinstein's amendment would fix the definition of medical information in S. 1753 to include mental and behavioral health information and health-related information that was collected for other purposes like for worker's compensation or casualty and property insurance.

As we debate S. 1753 and vote to strengthen our Nation's national credit system, we must renew our commitment to working to ensure consumer privacy amidst changing practices and standards in the market. With this in mind, I urge all of my colleagues to support this important bill.