washingtonpost.com  > Print Edition > Sunday Sections > Sunday Outlook
Correction to This Article
A March 6 Outlook information box on credit reports created confusion for some Maryland readers. As the box stated, existing state law makes Marylanders eligible for a free report annually. But until Sept. 1, they are not eligible under a new federal credit law that mandates free reports for all states. So until that date, Maryland residents must contact the three major credit bureaus directly rather than using the all-in-one phone number and Web site set up under the federal program. Some readers also reported frustration with using the companies' automated phone systems. A more detailed guide for navigating them will appear in Sunday's Outlook section.
Page 2 of 2  < Back  

When Your Identity Is Their Commodity

Our system evolved this way because Congress has declined to take a comprehensive approach that would establish a baseline of protection for all personal information. Instead, it has focused on some sectors, or responded to problems as they have arisen.

Congressional action became imperative after the Supreme Court ruled in 1976 that the Constitution did not protect personal data held by banks and other private firms. In essence, the court held that by becoming a bank customer, you surrender your information to the flow of commerce, and thereby surrender your privacy. The information might be about you, but if financial institutions collect and keep it, they own it.

Under a new federal law, residents of all states and the District of Columbia will be able to request free copies of their credit reports by Sept. 1. The law goes into effect in stages. Residents of 25 states in the western half of the country, plus others covered by pre-existing state laws, can obtain free reports now; 10 Southern states join the list on June 1, followed by the Northeast three months later. Consumers will be entitled to one free report a year from each of the three major nationwide credit bureaus. If someone is trying to steal your identity and opens a credit card account in your name, that activity appears on your credit report. Financial consultants advise consumers to request reports at least once annually to verify their accuracy.

Alaska, Arizona, California, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, New Mexico, North Dakota, Ohio, Oregon, South Dakota, Utah, Washington, Wisconsin, Wyoming

Alabama, Arkansas, Florida, Kentucky, Louisiana, Mississippi, Oklahoma, South Carolina, Tennessee, Texas

Connecticut, Delaware, District of Columbia, New Hampshire, New York, North Carolina, Pennsylvania, Rhode Island, Virginia, West Virginia

Georgia, Maine, Massachusetts, Maryland, New Jersey, Vermont (Residents of these states must contact the three major credit bureaus directly until Sept. 1. They cannot use the all-in-one Web site and phone number listed below)

Equifax: 800-685-1111
www. equifax.com

Experian: 888-397-3742

TransUnion: 800-888-4213

Residents of Western and Midwestern states can reach all three agencies at www.annualcreditreport.com or 877-322-8228. Residents of other states will be able to use that Web site and phone number once their state becomes eligible under the phased-in federal law.


So yes, your information is a commodity; and no, you don't get a cut.

The credit report is at the epicenter of identity theft. First it enables the crime and later it becomes the main source of damage to the victim.

There are three major credit reporting agencies (CRAs) -- Equifax, TransUnion and Experian (formerly TRW). Each maintains electronic credit reports on 200 million American adults. The industry proudly proclaims the system as the best in the world, and claims it has boosted the economy by reducing the cost of credit while increasing convenience for businesses and highly mobile consumers.

Throughout the 1990s, however, complaints about glaring inaccuracies and the CRAs' inability, or unwillingness, to correct them prompted Congress to act. In 1996, it strengthened the first privacy law, the Fair Credit Reporting Act of 1970. Burgeoning identity theft led to more FCRA amendments in 2003.

We know why Willie Sutton robbed banks. Identity thieves also know where the money is. Once they steal identities, thieves can get credit in the victim's name and go on a shopping spree. When a thief applies for credit using your name and Social Security number (SSN), the CRAs disclose your credit report. Typically, their algorithms will tolerate conspicuous discrepancies in name and address, even in city and state, as long as the fraudster puts your exact SSN on the credit application. It turns out to be a relatively low-risk, high-reward crime.

A Federal Trade Commission survey estimated that nearly 10 million Americans were victims of some form of identity theft in 2003, triple the number in 2001. Yet, in a little-noticed report that year, the TowerGroup, a Massachusetts-based consulting firm, said the incidence of identity theft was such a small fraction of transactions that most financial service companies could not justify the extra expense of preventing it.

That's not much comfort to the victims who describe such crimes as a form of "data rape" that leaves them deeply scarred. It takes a maddening amount of time and effort to persuade credit bureaus to remove fraudulent accounts from credit reports, or to convince creditors to stop reporting them. In the meantime, unpaid debts and collections can ruin a victim's credit score, often leading to denials of mortgages or other credit. The aggravation and frustration tend to compound. The burden is on the victim to write certified letters, keep records and follow up until the problem is solved.

How can you protect yourself? It seems ironic, but the best method of protection is regularly checking your credit report for early signs of identity theft. The report shows which companies have pulled it and why. So if you live in Virginia and a car dealer in Texas pulled your report -- that's a red flag. Another sign is an unpaid debt that isn't yours. Starting Sept. 1, East Coast residents can get all three of their credit reports once a year for free -- thanks to Congress's 2003 overhaul of the FCRA. Marylanders already are entitled under state law.

To its credit, ChoicePoint is offering free credit reports and a free report-monitoring service to the 145,000 recipients of its warning letter. Monitoring services offer a glimmer of hope, as they give you regular access to your credit report and alert you to new entries. Such alerts could enable you to nip identity theft in the bud. The main problem is that each credit bureau charges about $100 a year for the service. It's a bit like a protection racket. They will charge you so you can make sure that they did not improperly divulge data to help an identity thief. That's good work if you can get it.

Since the FCRA already requires "maximum possible accuracy," and directs bureaus to curb identity theft, why aren't such services "standard features," rather than "extras"?

Price aside, these services prove a vital point: Database technology has finally allowed us to plug into our own personal information, a privilege thus far reserved for the CRAs and ChoicePoints of the world -- and the thousands of companies they sell to. This will enable individuals to ensure the accuracy and proper use of their data, and to promptly rap the knuckles of those who cross the line.

The information age, understandably viewed as detrimental to privacy, can be turned to privacy's advantage. In the future, all individuals will routinely monitor their personal data, and not just their credit reports. The companies that now seem to be the crux of the problem have incentives to make us all part of the solution. Government agencies and major corporations can save billions of dollars by converting personal data transactions from paper to electronics, but public resistance will continue until there's a strong privacy regime in place. The ChoicePoints of the world could even profit by helping, but they'll have to view us as more than just "data subjects."

It's ironic that large firms, which have been careless about privacy, might discover they have financial incentives to become genuine privacy advocates, and figure out ways to live up to the task. Of course, that realization is probably a ways off.

Meanwhile, go check your credit report.

Author's e-mail:


Evan Hendricks is editor and publisher of Privacy Times and author of "Credit Scores & Credit Reports: How the System Really Works, What You Can Do" (Privacy Times).

< Back  1 2

© 2005 The Washington Post Company