GRAND RAPIDS – On March 1, several laws protecting consumers and their credit went into effect in Michigan. The Fair Credit Reporting Act is a federal law that allows U.S. consumers to view their credit reports for free, once per year. The others are state laws and include the Identity Theft Protection Act and the Social Security Number Privacy Act. Working together, these laws become powerful weapons in the consumers? fight identity theft, writes Associate Attorney F. Douglas Mileski of Law, Weathers & Richardson.
The FCRA, which went into effect January 1 on the West Coast but is not yet in effect in the South or Northeastern states, grants consumers the right to view their personal credit information maintained by Equifax, Experian and Trans Union once every year. The credit bureaus will not respond to requests for free credit reports, instead all requests must go through the Annual Credit Report Request Service by calling (877) 322-8228 or by visiting their website at www.annualcreditreport.com.
The credit reports are free, but because the free report is only intended to help consumers detect fraud, if consumers want to see FICO scores (the score used to determine everything from credit approval to insurance rates) they should be prepared to pay about $7 to each credit bureau.
The ITPA will have a broad impact on Michigan consumers. First and foremost, although identity theft was already illegal, the new law more clearly spells out the crime and punishment, making it a felony to use someone?s personal identifying information to obtain goods and services without their consent.
By clarifying that perpetrators of identity theft can be prosecuted where the offense occurred, where the stolen information was used illegally or where the victim resides, and by extending the statute of limitations for prosecuting identity thefts to six years, the ITPA provides powerful new tools for law enforcement that enhance its ability to track down and prosecute the perpetrators.
In the past, because of confusion over where an identity theft could be prosecuted, some police agencies were reluctant to take a report, which hindered victims? ability to dispute unauthorized accounts and charges and made restoring credit difficult. Now, the police agency having jurisdiction over a victim?s residence clearly has jurisdiction to take a report and pursue prosecution of the identity thief. By extending the statute of limitations for prosecuting identity theft, victims that may not discovered that their identity was stolen have more time to report the crime and the police have more time to investigate and prosecute the identity thief.
The ITPA is also designed to help those who have already been victimized by identity theft by prohibiting businesses from denying credit or public utility services to them if the victim provides documentation to the business or utility. An identity theft victim only needs to provide a police report and an affidavit or similar form to a business or utility to move the responsibility for stopping unauthorized use of a victim?s identity onto the business that was notified and away from the victim.
The ITPA gives identity theft victims the power to fight companies that ignore disclosure requirements and that wrongfully deny credit or utility service to identity theft victims by specifically allowing victims to use the Michigan Consumer Protection Act. The Michigan Consumer Protection Act is an important tool for private enforcement of the ITPA because it allows an identity theft victim to seek attorney fees if they are wrongfully denied credit or utility service.
The ITPA also prohibits businesses from issuing receipts that contain more than the last four digits of a credit card account or from issuing unsolicited checks and credit cards to consumers.
Finally, the ITPA prohibits and create penalties for photographing, recording, or electronically transmitting personal identifying information taken, without consent, from credit, debit, and ATM cards.
Most people know that one of the keys to protecting your identity is limiting exposure of your social security number. The SSNPA, which partially went into effect on March 1, and will be fully effective on January 1, 2006, prohibits the use of full social security numbers in most circumstances. The SSNPA aims to reduce the use of SSNs by businesses and schools in ways that expose them to public view. Examples of the newly prohibited uses include SSNs as student identification numbers and displaying SSNs on an employee?s badge.
Of particular importance to businesses, the SSNPA requires businesses that collect one or more social security numbers in the ordinary course of business to create a privacy policy for protecting those SSNs. The SSNPA gives businesses until January 1, 2006 to comply with the privacy policy requirement if a business has a plan to implement a privacy policy by that date and exempts credit reporting agencies and financial institutions already complying with the Gramm-Leach Bliley Act. The privacy policy businesses are required to develop must prohibit unlawful disclosure, must limit accessibility to the SSNs, must describe proper disposal of records of SSNs and must be published in an employee handbook or similar document.
Although the SSNPA is designed to reduce the use of full SSNs, there are situations in which a consumer may still be required to provide an SSN. If a website is encrypted and requires a password other than an SSN for access, the website may then utilize full social security numbers. Also, credit applications and credit checks may still require social security numbers. Businesses may use SSNs to attempt to detect identity theft and SSNs may be used to conduct criminal and background investigations.
The SSNPA creates a private right to sue businesses that fail to comply. The SSNPA empowers people who have had their SSN exposed improperly to sue for actual damages or $1,000, whichever is greater, plus attorney fees.
Doug Mileski is an associate attorney at Law, Weathers & Richardson. He focuses his practice in general business law. He received his law degree, magna cum laude, from Michigan State University Detroit College of Law. He also received a Bachelor of Arts degree from Michigan State University. Doug is a member of the Grand Rapids Bar Association, the State Bar of Michigan, and the American Bar Association.
