LSC Synopsis of Senate Amendments

Sub. H.B. 46

127th General Assembly

(S. Judiciary Civil Justice)

The committee adopted amendments to do all of the following:

1. Authorize a consumer to request a credit freeze in writing by a service comparable to certified mail and by any secured electronic method authorized by a consumer credit reporting agency in addition to a request by certified mail and remove requirement that request be made to designated address.

2. Require a consumer credit reporting agency to place a security freeze on a consumer's credit report not later than three (instead of five) business days after receiving a request for the security freeze.

3. Require the consumer credit reporting agency to send a written confirmation of the security freeze within five (instead of ten) business days of placing the security freeze and requires that the number or password given the consumer not be the consumer's social security number.

4. Provide a procedure for a consumer to release the consumer's credit report subject to a security freeze to a specific person (in addition to a specified period of time) and provide that a consumer requesting any such release contact the consumer credit reporting agency by certified mail or other comparable service, secure electronic method selected by the consumer credit reporting agency, or telephone instead of by contacting the consumer reporting agency using a point of contact designated by the consumer reporting agency.

5. Remove from the list of entities that are not required to place a security freeze on a consumer's credit report a consumer reporting agency when acting as a provider of information concerning, and used for, criminal record information, fraud prevention or detection, personal loss history information, and employment tenant or background screening.

6. Include within the list of entities to whom a consumer credit reporting agency may release a consumer credit report on which a security freeze has been placed any federal, state, or local governmental entity, agency, or instrumentality that is acting within its authority or a person seeking to use the information contained in the consumer's credit report for the purpose of prescreening pursuant to the "Fair Credit Reporting Act," whether or not initiated by the consumer.

7. Modify the provisions regarding temporarily lifting a security freeze by removing the requirement that a consumer reporting agency, after January 31, 2009, comply with a request that was received electronically to temporarily lift a security freeze within 15 minutes of receiving the request and replacing it with a requirement that a consumer credit reporting agency that receives a request by secure electronic method selected by the consumer credit reporting agency, telephone, or another means authorized by the consumer credit reporting agency from a consumer to temporarily lift a security freeze on a credit report comply with the request not later than 15 minutes after receiving the request unless certain specified circumstances apply.

8. Decrease the fee that a consumer credit reporting agency may charge for placing a security freeze on a consumer's credit report from $10 to a reasonable fee not to exceed $5 and allows a consumer credit reporting agency to charge a reasonable fee not to exceed $5 to a consumer who fails to retain the original personal identification number provided by the consumer credit reporting agency and must be reissued the same or a new personal identification number.

9. Remove the provision that states that if a third party requests access to a consumer credit report on which a security freeze is in effect and this request is in connection with an application for credit or any other use and the consumer does not allow the consumer's credit report to be accessed for that period of time, the third party may treat the application as incomplete.

10. Remove the requirement that if a consumer requests a security freeze, the consumer reporting agency disclose to the consumer the process of placing and temporarily lifting a security freeze and the process for allowing access to information from the consumer's credit report for a period of time while the security freeze is in place.

11. Permit the Attorney General to conduct an investigation of a consumer credit reporting agency if the Attorney General has reason to believe that the consumer credit reporting agency has failed or is failing to comply with the security freeze requirements.

12. Specify the requirements regarding persons who are subpoenaed to produce relevant matter in the course of the Attorney General's investigation of a consumer credit reporting agency.

13. Allow the Attorney General to bring a civil action if it appears that a consumer credit reporting agency has failed or is failing to comply with the security freeze requirements (not just for a violation of the procedures for lifting a freeze) and, if there is a finding that the consumer credit reporting agency intentionally or recklessly failed to comply, require the court to impose a civil penalty of up to $2,500 for each instance that the consumer credit reporting agency fails to comply.

14. Provide that the statute of limitations for a consumer's civil action against a consumer credit reporting agency is not later than the earlier of two years after the date of discovery by the plaintiff of the consumer credit reporting agency's willful or negligent failure to comply or five years after the date of the consumer credit reporting agency's willful or negligent failure to comply.

15. Provide, with certain specified exceptions, that a consumer credit reporting agency is not liable in damages in a civil action for any damages a consumer allegedly sustains as a result of the consumer credit reporting agency's placement of a security freeze on the consumer's credit report in violation of the requirement to place the security freeze within three business days, send confirmation within five business days, and provide a unique personal ID number or password if the consumer credit reporting agency establishes as an affirmative defense that it made a good faith effort to comply with the law and that it placed a security freeze on the consumer's credit report as a result of a misrepresentation of fact by another consumer.

16. Require each public office or person responsible for public records to maintain a database or list that includes the name and date of birth of all public officials and employees elected to or employed by that public office.

17. Prohibit a public office or a person responsible for the public office's public records from making available to the general public on the Internet any document that contains an individual's social security number.

18. Provide a procedure for an individual to request that a public office or a person responsible for a public office's public records redact personal information of that individual from any record made available to the general public on the Internet.

19. Provide a procedure for a peace officer, parole officer, prosecuting attorney, assistant prosecuting attorney, correctional employee, youth services employee, firefighter, or EMT to request that a public office other than a county auditor or a person responsible for the public records of a public office other than a county auditor redact the address of that person from any record made available to the general public on the Internet.

20. Require a public office or a person responsible for a public office's public records to redact, encrypt, or truncate from an electronic record of that public office that is made available to the general public on the internet an individual's social security number that was mistakenly not redacted, encrypted, or truncated from that electronic record and to do so within a reasonable period of time.

21. Provide that a public office or a person responsible for a public office's public records is not liable in damages in a civil action for any harm an individual allegedly sustains as a result of the inclusion of that individual's personal information, or for any harm a peace officer, parole officer, prosecuting attorney, assistant prosecuting attorney, correctional employee, youth services employee, firefighter, or EMT sustains as a result of the inclusion of that person's address, on any record made available to the general public on the internet unless certain specified circumstances apply.

22. Provide that the preparer of any document to be recorded with the county recorder's office may not include any individual's personal information in that document and that a county recorder may not accept a document for recording if it includes any individual's personal information.

23. Provide a procedure to allow a peace officer, parole officer, prosecuting attorney, assistant prosecuting attorney, correctional employee, youth services employee, firefighter, or EMT to submit a written request to the county auditor requesting the county auditor to remove the name of the person from the general tax list of real and public utility property and the general duplicate of real and public utility property and insert the initials of that person on the general tax list of real and public utility property and the general duplicate of real and public utility property.

24. Prohibit the county auditor from charging a fee when a current owner on the general tax list of real and public utility property and the general duplicate of real and public utility property is a peace officer, parole officer, prosecuting attorney, assistant prosecuting attorney, correctional employee, youth services employee, firefighter, or EMT and is changing the current owner name listed on the general tax list of real and public utility property and the general duplicate of real and public utility property to the current owner's initials.

25. Provide that the statute of limitations for a cause of action on the grounds of identity fraud is five years.

26. Provide that if the period of limitation for a felony, misdemeanor, or minor misdemeanor or for a prosecution of a certain specified offense has expired, prosecution for identity fraud must be commenced within five years after the discovery of the offense.

27. Require the Attorney General to cooperate with and provide technical assistance to any local law enforcement agency in the state, upon that agency's request, with respect to the enforcement of identity fraud crimes.

28. Prohibit the Secretary of State from accepting a document for filing or recording if the document contains any individual's social security number or federal tax identification number unless certain specified circumstances apply.

29. Require the Director of the Office of Information Technology to employ a chief privacy officer who is responsible for advising the Office and state agencies when establishing policies and procedures for the security of personal information and developing education and training on the state's security procedures and a chief information security officer who is responsible for the implementation and coordination of policies and procedures for the security of personal information maintained and destroyed by state agencies.

30. Remove the delay of the bill's effective date for one year and instead specify that the effective date of the bill is September 1, 2008.

H0046-127.doc/ar 4/23/2008