The Boston University Washington Journalism Center

Senate Set to Vote on National Privacy Standard

by Becky Evans

WASHINGTON - Flying above the headquarters of Citigroup Inc. in Midtown Manhattan last week, a lone airplane scrawled five digits across a clear-blue sky: the first part of Citigroup Chairman Charles Prince's Social Security number.

The Foundation for Taxpayer & Consumer Rights, a California-based consumer group, used the skywriting stunt to illustrate the problem of identity theft and to protest Citigroup's support of financial privacy legislation that will be debated in the U.S. Senate this week.

The controversial bill, sponsored by Sen. Richard Shelby (R-Ala.), would reauthorize the Fair Credit Reporting Act, a 1970 federal law that established national credit reporting standards. Unless reauthorized, several provisions of the law will expire at the end of the year.

Shelby's bill would strengthen existing law by requiring merchants to eliminate credit card and bank account numbers on electronic receipts, increasing the maximum penalty for identity theft from three to five years in prison and allowing consumers to place fraud alerts on their consumer reports.

But consumers' groups said the bill doesn't go far enough to protect Americans from the growing crime of identity theft, which occurs when someone steals a Social Security number or other personal information to obtain credit, merchandise or services in someone else's name.

The Foundation for Taxpayer & Consumer Rights and other advocacy groups oppose a provision in the bill and in the current law that prevents states from passing financial privacy laws that are tougher than the federal law.

Jamie Court, executive director of the taxpayers' foundation, said the bill would prevent California's recently passed privacy law from taking effect next July as planned. The law would allow consumers to prevent financial institutions from giving or selling their private financial information to corporate affiliates.

If the federal bill is passed, it also would undermine legislation sponsored by Massachusetts State Rep. William M. Straus (D-Mattapoisett) that would provide consumers with the same protections as the California law, said Eric Bourassa, a consumer associate for the Massachusetts Public Interest Research Group.

Rep. Straus said he would "be disappointed if Congress takes away from the states the ability to provide strong privacy protectionsáMy personal hope is that they leave the states alone on this."

In 1995, Massachusetts became the first state to grant consumers the right to a free credit report each year, so they can better monitor their credit records for fraud. If the federal bill is passed, this law would remain intact, but additional privacy protections would be blocked.

California Senators Dianne Feinstein and Barbara Boxer, both Democrats, are expected to introduce an amendment to the federal bill that would limit the amount of sensitive consumer information corporations can disburse.

"The dirty little secret is that corporations can share private information with thousands of affiliatesá making it easier to know everything about everyone," Mr. Court said. To prove his point, he said he bought Mr. Prince's Social Security number on the Internet for $30. For the same price, Mr. Court's organization also bought the Social Security numbers of Gov. Mitt Romney and Mayor Thomas M. Menino in September.

A recent study by the Federal Trade Commission showed that nearly 10 million Americans, 2,957 of them Massachusetts residents, were victims of identity theft in 2002. Identity theft victims spend an average of $1,400 and 600 hours trying to clear their names, according to the Identity Theft Resource Center, a nonprofit group dedicated to raising public awareness of identity theft.

Banks, insurance companies and other financial institutions support the federal bill, even though they are also victims of identity theft, according to lobbyists working on their behalf.

"Everyone knows that, at the end of day, financial institutions have to absorb the losses from identity theft," said Nessa Feddis, senior counsel at the American Bankers Association. The bankers' group belongs to the Financial Services Coordinating Council, which has lobbied in support of the bill.

Ms. Feddis said permanent federal pre-emption of state privacy laws would be necessary to preserve the current nationwide credit system "that allows anyone to get a credit card or mortgage from anywhere in the country.

"If you have 50 different states adopting different rules, it makes the credit system inefficient and expensive," she said. "We are talking about 50 different forms you have to fill out, which complicates things and adds expenses. There is no tangible consumer benefit."

Ms. Feddis said the federal bill includes new regulations that would protect consumers from identity theft and improve the accuracy and accessibility of consumer credit reports.

But consumer groups assert these measures are not strong enough. They say that if financial institutions were serious about cracking down on identity theft, they would support a stronger bill that prohibited affiliates from sharing consumer information. The institutions haven't done that, Mr. Court said, because it would cost them more than identity theft does.

"They want to be able to share information with any company they want, so they can market you in more ways," he said. "To them the cost of identity theft is an easy write-off compared to the benefits of trading personal information."

Massachusetts does not require companies to obtain permission from consumers before selling their private data.

Shelley Curran, policy analyst at the Consumers Union, a nonprofit testing organization that publishes Consumer Reports, said there is a "simple connection" between information sharing and identity theft.

"If a financial institution has 1,700 affiliates, that means information can be shared in 1,700 different places, making it easier for computer hackers to steal consumers' information," she said.

It is to protect this information sharing that Citigroup and other financial institutions have been "throwing megabucks" at members of the House and Senate banking committees to pass legislation that prevents states from enacting tough privacy laws, said Linda Foley, executive director of the Identity Theft Resource Center.

The Center for Responsive Politics, an independent organization that monitors campaign contributions, reported that Citigroup and other businesses that support the Senate bill contributed more than $471,000 in the first half of this year to Republicans and Democrats on the Senate Banking, Housing and Urban Affairs Committee, which passed the bill.

"In terms of the banking committee, which obviously gets most of its money from banking and financial interests, it is not an uncommon concern that industry is giving influence by giving money," said Sheryl Fred, a researcher at the center. "Consumer groups are concerned because these consumer groups don't give a lot of money."

Citigroup spent $4.6 million on lobbying in the first six months of this year, according to a report filed with Congress. The investment bank is also the top contributor to Sen. Shelby's 2004 re-election campaign. According to the Center for Responsive Politics, Citigroup contributed $62,000 to Sen. Shelby, who chairs the Senate banking committee.

Banks, credit unions, and insurers have also made major campaign contributions to members of the House Financial Services Committee, which passed a similar privacy bill in September. The House bill, which passed by a vote of 292-30, would permanently extend the 1996 Fair Credit Reporting Act provision that prevents states from enacting stronger privacy protections.

Rep. Barney Frank (D-Mass.), the senior Democrat on the committee, voted in favor of the bill. Frank received a $5,000 contribution from the American Bankers Association, a key supporter of the reauthorization bill. But spokespersons for consumer groups said Frank worked hard to add consumer protections to the bill.

"Barney Frank was trying to add amendments to strengthen what was already a bad bill," said Ms. Foley, of the Identity Theft Resource Center.

One of Frank's amendments, which was approved on the House floor by a vote of 233-189, would make it easier for consumers to identify and remove inaccurate information from their credit reports.

"I wanted to go further, but couldn't because of the Republican majority" in the House, Mr. Frank said. "We improved somewhat how a consumer can respond once they are a victim, but that's not enough."

Frank said consumers should be able to prevent companies from sharing their personal information.

Lawmakers who support the federal bill say it helps financial institutions and consumers alike.

"From Senator Shelby's perspective, it strikes a proper balance between the operation of consumer credit markets and consumer privacy concerns," said Andrew Gray, spokesman for Republicans on the Senate banking committee. He said the committee debated the legislation for six months and held half a dozen hearings.

"We were able to craft a strong, bipartisan legislation that received the unanimous support of the committee," he said. "The House passed a similar bill permanently extending the FCRA provision...Clearly, there is broad and overwhelming support in the U.S. Congress to enact an FCRA bill into law this year."

Ed Mierzwinski, a consumer advocate with the Massachusetts Public Interest Research Group, said he is concerned that the federal bill would stifle new ideas at the state-level.

"Virtually every piece of this bill is based on an existing state law," he said. "So if you permanently prevent states from passing laws in future, where will these ideas come from?"