78(R) SB 473 Enrolled version

SRC-TAG S.B. 473 78(R)    BILL ANALYSIS


Senate Research CenterS.B. 473
By: Ellis, Rodney
Criminal Justice
7/8/2003
Enrolled
DIGEST AND PURPOSE 

Currently,  consumer reporting agencies allow individuals who are or
suspect that they are victims of identity theft to place security alert on
their credit reports.  However,  security alerts are only advisory in
nature and are not always followed by merchants and credit grantors.
Moreover, a victim of identity theft is often embroiled in long process of
clearing credit history, financial affairs, or even criminal records.
S.B. 473 allows a victim of identity theft to place a freeze, for a modest
fee, on his or her credit report and provides for confidentiality of
social security numbers.  This bill seeks to prevent identity theft, which
is one of the fastest growing crimes in the United States as well as in
Texas.  

RULEMAKING AUTHORITY

This bill does not expressly grant any additional rulemaking authority to
a state officer, institution, or agency. 

SECTION BY SECTION ANALYSIS

SECTION 1.  Amends Section 20.01, Business & Commerce Code, by adding
Sudivisions (7) and (8),  to define "security alert" and "security
freeze." 

SECTION 2.  Amends Section 20.03, Business & Commerce Code, by adding
Subsection (d), to  
requires any written disclosure by the consumer reporting agency (agency)
to include a clear and simple statement that explains to the consumer the
consumer's right under this subchapter and includes certain information.  

SECTION 3.  Amends Chapter 20, Business & Commerce Code, by adding
Sections 20.03120.039, as follows: 

Sec.  20.031.  REQUESTING SECURITY ALERT.  Requires an agency, not later
than 24 hours after receiving a request in writing or by telephone and
with proper identification by a consumer, to place a security alert on the
consumer's file.  Prohibits the security alert from exceeding 45 days
after the date the agency enacted the alert on the files.  Provides that
there is no limit on the number of security alerts a consumer may request.
Requires the agency, on request in writing or by telephone and with proper
identification provided by the consumer, to provide a copy of their
consumer's file, at the end of a 45-day security alert.  Authorizes a
consumer to include with the security alert request a telephone number to
be used by persons to verify the consumer's identity before entering into
a transaction with the consumer. 

Sec.  20.032.  NOTIFICATION OF SECURITY ALERT.  Requires an agency to
notify a person who requests a consumer report if a security alert is in
effect for the consumer file involved in that report and include a
verification telephone number for the consumer if the consumer has
provided a number under Section 20.031. 

Sec.  20.033.  TOLL-FREE SECURITY ALERT REQUEST NUMBER.   Requires an
agency to maintain a toll-free telephone number that is answered at a
minimum during normal business hours to accept security alert requests
from consumers.  Requires, if calls are not answered after normal business
hours, an automated answering system to record requests and  calls to be
returned to the consumer not later than two hours after the time the
normal business days begins on the next business day after the date the
call was received. 

Sec.  20.034.  REQUESTING SECURITY FREEZE.  (a)   Requires an agency, on
written request sent by certified mail that includes proper identification
provided by a consumer and a copy of a valid police report, investigate
report, or complaint made under Section 32.51(Fraudulent Use or Possession
of Identifying Information), Penal Code, to place a security freeze on the
consumer's file by the fifth business day after receiving the agency's
request.  

(b)  Requires an agency, upon request for a security freeze provided by a
consumer under Subsection (a), to disclose to the consumer the process of
placing, removing, and temporarily lifting a security freeze and the
process for allowing access to information from the consumer's file for a
specific requester or period while the security freeze is in effect. 

(c)  Requires an agency, by the 10th business day after receiving the
request for a security freeze, to send certain information to the
consumer. 

(d)  Authorizes a consumer to request in writing a replacement personal
identification number or password.  Requires the request to comply with
the requirements for requesting a security freeze under Subsection (a).
Requires the agency by the third business day after the agency receives
request for a replacement personal identification number or password
provide the consumer with a new unique personal identification number or
password to be used by the consumer instead of the number or password that
was provided under Subsection (c). 

Sec.  20.035.  NOTIFICATION OF CHANGE.  Requires an agency, if a security
alert is enacted, to notify the consumer in writing regarding a change of
name, date of birth, social security number, or address by the 30th
calendar day after the date the change occurred. Requires the agency to
send notification of a change of address to the new address and former
address.  Provides that this section does not require notice of an
immaterial change, including a street abbreviation change or correction of
a transposition of letters or misspelling of a word. 

Sec.  20.036.  NOTIFICATION OF SECURITY FREEZE.  Requires an agency to
notify a person who requests a consumer report if a security freeze is in
effect for the consumer file involved in that report. 

Sec.  20.037.  REMOVAL OR TEMPORARY LIFTING OF SECURITY FREEZE.  (a)
Requires an agency to remove a security freeze by the third business day
after receiving a request in writing or by telephone and with proper
identification provided by a consumer, including the consumer personal
identification number or password provided under Section 20.034. 

(b)  Requires an agency, under certain circumstances, to temporarily lift
the security freeze, by the third business day after receiving a request
in writing or by telephone and with proper identification provided by a
consumer, including the consumer's personal identification number or
password provided under Section 20.034.  

(c)  Authorizes an agency to develop procedures involving the use of a
telephone, a facsimile machine, the Internet, or another electronic medium
to receive and process a request  from a consumer under this section. 

(d)  Requires an agency to remove a security freeze placed on the consumer
file if the security was placed due to a material misrepresentation of
fact by the consumer.  Requires the agency to notify the consumer in
writing before removing the security freeze under this subsection. 

(e)  Prohibits an agency from charging a fee for a request under
Subsection (a) or (b). 

Sec.  20.038.  EXEMPTION FROM SECURITY FREEZE.  Provides that, under
certain circumstances, a security freeze does not apply to a consumer
report. 

Sec.  20.0385.  APPLICABILITY OF SECURITY ALERT AND SECURITY FREEZE.
Provides that the requirement under this chapter to place a security alert
or security freeze on a consumer files does not apply to certain
circumstances.  

Sec.  20.039.  RESPECT OF SECURITY FREEZE.  Requires an agency to honor a
security freeze placed on a consumer file by another agency. 

SECTION 4.  Amends Section 20.04, Business & Commerce Code, as follows:

 Sec. 20.04.  New heading: CHARGES FOR CERTAIN DISCLOSURES OR SERVICES.  
(a)   Authorizes an agency to impose a reasonable charge on a  consumer
for placing a security freeze on a consumer file, except as provided by
Subsection (b).  Authorizes an agency, on January 1 of each year, to
increase the charge for disclosure to a consumer or for placing a security
freeze. 

(b)  Prohibits an agency from charging a fee for a request for a copy of
consumer's file made on the expiration of the 45-day security alert; a
toll-free telephone number that consumers may call to obtain additional
assistance concerning their report or to request a security alert; or a
request for a security alert made by a consumer. 

SECTION 5.  Amends Chapter 20, Business & Commerce Code, by adding
Sections 20.11, 20.12, and 20.13, as follows: 

Sec. 20.11.  INJUNCTIVE RELIEF; CIVIL PENALTY.  (a)  Authorizes the
attorney general to file a suit against a person for injunctive relief to
prevent or restrain a violation of this chapter or a civil penalty in
amount not exceeding $2,000 for each violation of this chapter. 

(b)  Authorizes the attorney general,  if the attorney general brings an
action against a person under Subsection (a) and an injunction is granted
against the person or the person is found liable for a civil penalty, to
recover reasonable expenses, court costs, investigative costs, and
attorney's fees.  

(c)  Provides that each day a violation continues or occurs is a separate
violation for purposes of imposing a penalty under this section.  

Sec.  20.12.  DECEPTIVE TRADE PRACTICE.  Provides that a violation of this
chapter is a false, misleading, or deceptive act or practice under
Subchapter E, Chapter 17.  

Sec.  20.13.  VENUE.  Requires an action brought under this chapter to be
filed in a district court: in Travis County; in any county in which the
violation occurred; or in the county in which te victim resides,
regardless of whether the alleged violator has resided worker or done
business in the county in which the victim resides. 
   
SECTION 6.  Amends Subchapter D, Chapter 35, Business & Commerce Code, by
adding Section 35.58, as follows: 
  
Sec.  35.58.  CONFIDENTIALITY OF SOCIAL SECURITY NUMBER.  (a)  Prohibits a
person other than government or governmental subdivision or agency from
taking certain actions. 

(b)  Provides that a person that is using an individual's social security
number before January 1, 2005, in a manner prohibited by Subsection (a)
may continue that use if certain requirements are meet. 

(c)  Prohibits a person, other than government or governmental subdivision
or agency, from denying services to an individual because the individual
makes a written request under Subsection (b). 
 
(d)  Requires the person, if the person receives a written request from an
individual directing the person to stop using the individual's social
security number in a manner prohibited by Subsection (a), to comply with
the request by the 30th day after receiving the request.  Prohibits the
person from imposing a fee or charge for complying with the request. 

(e)  Provides that this section does not apply to the collection, use, or
release of a social security number that is required by state or federal
law, including Chapter 552 (Public Information), Government Code; or the
use of social security number for internal verification or administrative
purposes; documents that recorded or requested to the public under Chapter
552, Government Code; court orders; or an institution of higher education
if the use of a social security number by the institution is regulated by
Chapter 51 (Provision Generally Applicable to Higher Education), Education
Code, or another provision of the Education code.   

(f)  Provides that Subsection (a)(5) does not apply to an application or
form sent by mail, including a document sent as part of an application or
enrollment process; to establish, amend, or terminate an account,
contract, or policy, or to confirm the accuracy of a social security
number. 

SECTION 7.  Amends Subchapter D, Chapter 35, Business & Commerce Code, by
adding Section 35.59, as follows: 

Sec.  35.59.  VERIFICATION OF CONSUMER IDENTITY.  (a)  Defines "consumer
report," "extension of credit," and "security alert." 

(b)  Provides that a person who receives notification of a security alert
under Section 20.032 in connection with a request for a consumer report
for the approval of a creditbased application, including an application
for an extension of credit, a purchase, lease, or rental agreement for
goods, or for an application for a noncredit- related service, may not
lend money, extend credit, or authorize an application without taking
reasonable steps to verify the consumer's identity. 

(c)  Provides that if a consumer has included with a security alert a
specified telephone number to be used for identity verification purposes,
a person who receives that number with a security alert must take
reasonable steps to connect the consumer using that number before lending
money, extending credit, or completing  any purchase, lease, or rental
goods, or approving  any noncredit- related services. 

(d)  Provides that if a person uses a consumer report to facilitate the
extension of credit or for any other transaction on behalf of a
subsidiary, agent, assignee, or prospective assignee, that person, rather
than the subsidiary, affiliate, agent, assignee, or prospective assignee,
may verify the consumer's identity.  

SECTION 8.  Amends Section 1701.253, Occupations Code, by adding
Subsection (i), to require the  Texas Commission on Law Enforcement
Officer Standards and Education, as part of the minimum curriculum
requirements, to establish a statewide comprehensive education and
training program on identity theft under Section  32.51, Penal Code, for
officers licensed under this chapter.  Requires an officer to complete the
program established under this subsection by the second anniversary of the
date the officer is licensed under this chapter or the date the officer
applies for an intermediate proficiency certificate, whichever date is
earlier. 

SECTION 9.  Amends Section 1701.402, Occupations Code, by adding
Subsection (f) to require an officer, as a requirement for an intermediate
proficiency certificate, to complete an education and training program on
identity theft established by the commission under Section 1701.253(i). 

SECTION 10.  (a)  Provides that, except as provided by Subsection (b) of
this section, this Act takes effect September 1, 2003. 
 
 (b)  Provides that Section 35.58, Business & Commerce Code, as added by
this Act,      takes effect January 1, 2005. 

(c)  Requires the office of consumer credit commissioner to review the
impact and efficacy of this Act and to make a recommendation to the
lieutenant governor and the speaker of the house of representatives by
December 31, 2004, as to whether the provisions of this Act should remain
in effect after September 1, 2005. 

 (d)  Requires the Commission on Law Enforcement Officer Standards and
Education, by January 1, 2004, to establish the education and training
programs on identity theft required under Subsection (i), Section 1701.253
and Subsection (f), Section 1701.402, Occupations Code, as added by this
Act. 

(e)  Requires a person who, on September 1, 2003, holds an intermediate
proficiency certificated issued under Section 170.402, Occupations Code,
or has held a peace officer license issued by the Commission on Law
Enforcement Officer Standards and Education for more than two years to
complete an educational training program on identity theft established
under Subsection (i), Section 1701.253, Occupations Code, as added by this
Act, by September 1, 2005.  

(f)  Requires an institution of higher education that is not subject to
the exemption prescribed by Subdivision (5), Subsection (e), Section
35.58, Business & Commerce Code, as added by this Act, to begin acting in
compliance with Section 35.58, Business & Commerce Code, as added by this
Act, on or before September 1, 2007.