What Do Air Conditioners Have to Do With Identity Theft? Bills Schwarzenegger Should Sign to Protect Your Privacy

He goes on to state:

"As unlikely as it seems in this age of heightened vigilance over identity theft, government offices routinely release to the public documents that contain full, nine digit social security numbers. This release is tantamount to an ongoing, legally sanctioned breach of Californians’ personal information, and poses an unacceptable threat of identity theft. Here are some examples:

• County recorders’ offices. A county recorder’s office is the clearinghouse for several types of government-generated documents that contain social security numbers. These include military discharge papers; real estate documents; state and federal tax liens and lien releases; and abstracts of judgment issued by courts. As required by law, recorders make these documents easily available to the public, usually offering in-office viewing stations (e.g., microfilm readers or computer terminals) and compact disks containing the information that can be sent out to interested parties for a nominal fee. In this respect, county recorders essentially sell social security numbers to anyone who requests them.

• Franchise Tax Board. The FTB files tax liens with county recorders as well as the Secretary of State’s office. These liens contained full social security numbers until the FTB made an administrative decision earlier this year to truncate the numbers down to the final four digits.

• Secretary of State. The SOS serves as the clearinghouse for Uniform Commercial Code financing statements, which banks and other lenders file with the state in order to publicly record the names of consumers who have taken out secured loans. Many UCC forms contain the full social security numbers of these borrowers. Until I brought this practice to the Secretary of State’s attention this year, that office sold UCC forms over the Internet for a nominal price to any member of the general public.

"Identity theft can easily occur when the wrong people get a hold of someone else’s name and social security number. It is a betrayal of the public’s trust when government offices give out records containing that very information. Once released, the public records are subject to virtually no restrictions on use and re-distribution, meaning that private data firms that purchase the records can sell them to whomever they choose."

Jones' solution is simple and appealing:

"There is a straightforward solution to this problem: require government offices to truncate (i.e., shorten) social security numbers on public records before releasing the records publicly. On the one hand, shortened numbers are worthless to a fraudster who wants to use them to establish new lines of credit and commit other forms of identity theft. On the other hand, shortened numbers still allow title insurers and taxation authorities to match documents (e.g., tax liens) with a certain individual or a certain piece of property. Truncation of social security numbers in public records strikes a practical balance between consumer privacy rights and legitimate interests in identity verification."

AB 1168 would also begin to address the flurry of data breaches by colleges and universities that have been the subject of stories in the media. These institutions rely heavily on students’ and employees’ social security numbers for a variety of internal administrative functions. Jones notes that "Unfortunately, records containing SSNs continually leak out of colleges in this state, due to laptop thefts, Internet hacking, etc." This bill would require the state to look into whether the use of SSNs by colleges can be reduced, in order to prevent breaches of that information

AB 1298--Think Your Medical Records Are Truly Private and Confidential? Think You Can Freeze Your Credit Reports? Read on.

AB 1298 that it would help prevent the occurrence of an emerging problem known as “medical ID theft,” a problem to be concerned about as more and more health information is created, stored, and communicated in electronic formats.

Here is what Jones told the Governor:

"AB 1298 would respond to consumer concerns about medical privacy in two ways.

"First, it would ensure that businesses offering consumers “personal health records” comply with the state’s existing medical privacy laws. Today, businesses allow people to upload their health information onto websites to create their own medical records. WebMD is an example of one of these businesses – its website offers “a single, secure location for your complete health information.” Google executives also have indicated an interest in entering this market. In the eyes of many, personal health records are a boon for consumers: patients who compile them can ensure that doctors have access to all of their pertinent medical information, and patients can better monitor their own health status.

"But personal health records pose a threat to consumers’ privacy because they do not fall under state or federal medical privacy laws. So, for example, a provider of personal health records could sell a consumer’s medical information to a pharmaceutical company for marketing purposes without first asking for the consumer’s permission to do so. AB 1298 would solve this problem by simply incorporating personal health records into existing state medical privacy laws, which prescribe strict conditions under which healthcare providers can share or use a consumer’s information. Under AB 1298, a consumer would have to provide consent before his or her medical information in a personal health record could be used for marketing purposes. In this way, the bill would allow the personal health records industry to grow unimpeded by consumer concerns over privacy.

"The second facet of AB 1298 is the requirement that consumers be notified when their medical or health insurance information has been lost, exposed, or stolen.

"Why is this consumer notification important? First, it would induce HMOs, doctors groups, and others in the medical sector to better protect patient information. Studies indicate that large segments of the healthcare industry do not adequately secure medical information and are out of compliance with federal medical privacy laws. For example, a 2006 Phoenix Health Systems industry survey found that only 56% of medical providers have implemented federal HIPAA security standards, and 20% of payers (health insurers, etc.) remain out of compliance as well. Not surprisingly, the study found that privacy breaches occurred more often at non-compliant providers than at compliant ones.

"Consumer notification is important for a second reason: consumers can take steps to prevent the data breach from turning into a case of identity theft. There is a risk that a patient’s information, once exposed, would be used by an imposter to secure healthcare services, a crime known as medical identity theft. The patient who is notified of the breach may want to order his medical records so that he can ensure that someone else’s health information hasn’t been conflated with his own, a potentially dangerous situation"

And there's more in AB 1298 to protect your ability to freeze your credit reports. Read this from Jones:

"Apart from medical privacy protections, AB 1298 contains a third provision that would protect California’s groundbreaking credit freeze law from an anticipated legal challenge.

"Consumers currently have the right to stop credit reporting agencies from selling their credit reports. “Freezing” a credit report helps stop ID theft by preventing a fraudster from securing credit cards, loans, apartments, and other goods in someone else’s name.

"A credit reporting agency sued to block enforcement of the law, and, unfortunately, an appellate court recently found in the plaintiff’s favor. The court opined that the law could not be enforced against the plaintiff because a credit freeze allows consumers to block the dissemination of public records. The court enjoined enforcement of the law with respect to the plaintiff only, but the decision leaves the law subject to a future court challenge that could strike down the law altogether. AB 1298 heads off this likely scenario by simply clarifying that a credit freeze applies to all information in a credit report except what is derived from public records."

Conclusion

All three of Jones bills are needed or there will be gaping holes in the promise of existing California laws that your and my privacy is protected. The Governor should have no problem signing all three so we can rest assured when we interact with our government, businesses, and our medical providers.