PROTECTING PERSONAL DATA

What may be most surprising about the recent security breaches at credit card processing companies and information brokers is how long it has taken them to notify authorities – let alone customers – of the problems. In the most recent incident, as many as 40 million credit card holders were exposed to possible fraud due to a security breach at a credit card processing company. The problem was not reported to authorities for months. Card holders were not informed.

A bill signed into law by Gov. John Baldacci this week aims to avert such delays here. The bill signed Friday will require information brokers, companies that buy and sell personal information, to notify Maine residents if the company experiences a security breach. Earlier this year, Georgia-based data broker ChoicePoint disclosed that thieves had obtained detailed personal records on 145,000 individuals. The company was not required to notify the individuals whose information was taken. Under Maine’s new law it would be.

In the ChoicePoint case, Will Lund, the director of Maine’s Office of Consumer Credit Protection, asked the company for the names of the 250 Mainers whose information was thought to be affected. Mr. Lund then wrote to each person asking if they had received disclosure notices from ChoicePoint, if they understood the notice and if there were unauthorized charges on their credit cards. Many of the letters were undeliverable, but the office got about 125 responses. Many people said they didn’t understand the notices or thought they were fraudulent attempts to get more personal information. This is interesting because companies trying to legitimately help their customers are now being stung by scams that use bank names to pry personal information out of people.

Maine’s new law also requires the Office of Consumer Credit Protection to study whether the notification requirement should be extended to lenders and creditors. The state’s Chief Financial Officer must study whether the state should meet the requirement as well.

Two other new laws will allow consumers to freeze access to their credit reports to stop the fraudulent opening of new accounts in their names and criminalize the fraudulent use of credit card skimmers and decodes. A man working as a waiter at a restaurant in Falmouth used a skimmer to read and retain credit card numbers from restaurant patrons, many of whom later reported fraudulent activity on their cards.

Under federal law, credit card holders are liable for no more than $50 of unauthorized charges and some companies offer zero liability. Still, there is reason for concern.

While destroying credit card re-ceipts and mail solicitations for new credit cards may still be good advice, it is not enough. Mr. Lund recommends keeping a close eye on all your statements and frequently reviewing your credit reports.