BILL ANALYSIS

 

 

                                                                                                                                       S.B. No. 674

                                                                                                                               By:  Senator West

                                                                                                                           Business & Industry

                                                                                                           Committee Report (Amended)

 

 

 

BACKGROUND AND PURPOSE

 

According to the Federal Trade Commission (FTC), Texas is second in the nation in the number of identity theft cases reported.  Identity theft is considered to be the fastest-growing crime in the United States, affecting 27 million people over the previous five years, according to a 2003 FTC report.  Texas' Crime Victim Clearinghouse reports that financial identity theft is primarily accomplished through the use of the victim's social security number.  According to the Texas Commission on Law Enforcement Officer Standards and Education, more than 20,000 Texans were identity crime victims in 2003, up from 14,000 in 2002.

 

The Identity Theft Resource Center recommends the passage of laws to restrict companies from requesting a person's social security number for use as identifying information.  Although there is no legal requirement, some businesses do request a customer's social security number for various reasons.

 

The FTC lists "business record theft" as one of the ways a person's identifying information can be stolen.  This can be done by employees taking files from offices or through hacking into electronic files.

 

Federal statutes currently prohibit any federal, state, or local government agency from denying any right, privilege, or benefit provided by law for a person's refusal to disclose his social security number.  There is no similar restriction applicable to private businesses.

 

State law presently bans the printing of an individual's social security number on a card in order to access a product or service unless the applicant has made such request.

 

Senate Bill No. 674 restricts the use of a person's social security number by non-financial entities.  The bill does not limit the use of the social security number for governmental purposes.

 

 

RULEMAKING AUTHORITY

 

It is the opinion of the Committee on Business and Industry that this bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

 

SECTION-BY-SECTION ANALYSIS

 

SECTION 1.  Amends Subchapter D, Chapter 35, Business & Commerce Code, by adding Section 35.62, as follows:

 

Sec. 35.62.  PROHIBITED ACTS WITH RESPECT TO USE OF CUSTOMERS' SOCIAL SECURITY NUMBERS.  (a)  Defines "customer" and "financial institution." 

 

(b)  Prohibits a person from requesting a customer's social security number, or another number that includes four or more consecutive digits of a customer's social security number, as an identifier unless the number is needed to complete a credit check that is required to provide a service or product requested by the customer. 

 

(c)  Requires a person that requests a person's social security number to complete a credit check under this section to destroy each record of the number by shredding, erasing, or other means after the credit check is completed or to maintain it under limited circumstances and under tighter security.

 

(d) Provides that when the customer's number is no longer maintained as provided in (c), that each record of the number be destroyed as described in (c).

 

(e) Provides that a person may not request an existing customer's social security number, or another number that includes four or more consecutive digits of an existing customer's social security number, to verify the customer's relationship with the person.

 

(f)  Provides that this section does not apply to a financial institution, a governmental entity, a certain covered entity as defined in the Insurance Code, or a person required to maintain and disseminate a privacy policy under certain federal law. 

 

(g)  Provides that a person that violates this section is liable to the state for a civil penalty of $1,000 for each violation.  Authorizes the attorney general or the prosecuting attorney in the county in which the violation occurs to bring suit to recover the civil penalty imposed under this section.  Authorizes the attorney general to bring an action in the name of the state to restrain or enjoin a business from violating this section.

 

SECTION 2.  Provides for a study to be conducted by the Office of Consumer Credit Commissioner.

 

SECTION 3.  Effective date: September 1, 2005.

 

 

EFFECTIVE DATE

 

September 1, 2005.

 

 

IMPACT OF COMMITTEE AMENDMENT

 

Committee Amendment No. 1 would do the following to the Senate engrossed version of Senate Bill No. 674:

 

On page 2, line 21 delete "or".

 

On page 2, line 24 delete the "." and replace with "; or".

 

On page 2, add to subsection (f) paragraphs (5) and (6) between lines 24 and 25 as follows:

 

            "(5) a regulated utility subject to the jurisdiction of the Public Utility Commission of Texas, whose use of such information includes, but is not limited to, providing and coordinating customer data for purposes of administration of the Low-Income Discount Administrator (LIDA) Program or the Low Income Energy Assistance Program (LIHEAP); or

 

            "(6) an electric utility or retail provider as defined by Section 31.002, Utilities Code."

 

On page 2, line 25, strike "(g)" and substitute in lieu thereof "(h)".