Section

1         

Data protection. Requires state and local government agencies to have safeguards to require that confidential or personal data on individuals be disposed of only in a way that makes the data impossible to read.

2         

Attorney general data coded elsewhere. Provides a cross-reference in the data practices chapter for the data practices provision in this bill involving the identity theft passport.

3         

Security freezes on credit reports regarding minors. Requires consumer reporting agencies to impose a security freeze on the credit reports of a minor at the written request of a parent or guardian. This means that the consumer reporting agency must not issue a credit report on that minor, except at the request of the parent or guardian, specifying the entity to whom a report may be issued. Provides that the security freeze ends automatically when the minor reaches age 18.

4         

Victim of identity theft; security freeze. (a) Permits a consumer who is a victim of identity theft who has filed a police report to place a "security freeze" on the consumer's credit report. "Security freeze" means that the credit reporting agency must not release the credit report or information from it, in connection with a credit transaction, without the consumer's authorization. The consumer reporting agency is permitted to inform a third party that requests a credit report that the security freeze is in effect.

(b) Defines a victim of identity theft as a victim if that crime as defined in state law or a person who has been notified that the person's personal information has been disclosed to an unauthorized person.

(c) Requires that the security freeze be put in place within five days of a request by the consumer.

(d) Requires that the credit reporting agency confirm the freeze in writing within 10 days and provide a unique password for the consumer to use in providing authorization to release the credit report for a specific period of time or to a specific party.

(e) States the procedure for temporarily lifting the freeze.

(f) Requires that the freeze be lifted within three days after a request by the consumer.

(g) Permits use of expedited electronic procedures to receive and implement requests to lift the freeze.

(h) Says when the credit reporting agency may temporarily lift a freeze.

(i) Permits a third-party to treat an application for credit or for anything else to treat an application as incomplete if the freeze prevents getting a credit report.

(j) Requires the credit reporting agency to explain to the consumer how a freeze works.

(k) Says the freeze remains in effect until the consumer requests its removal, and describes the process.

(l) Lists the types of users of credit reports that are not affected by this section.

5         

Security freeze; changes to information; written confirmation required. Prohibits credit reporting agencies from changing certain information in a credit report when a security freeze is in effect, without giving written confirmation to the consumer within 30 days. That information is name, date of birth, social security number, and address.

6         

Security freeze; not applicable to certain consumer reporting agencies. Says this section does not apply to re-sellers of credit information that do not maintain a database of credit information for creation of new credit reports. Requires them to honor security freezes placed in a consumer report by another credit reporting agency.

7         

Security freeze; exempt entities. Lists types of entities not covered by this bill.

8         

Information furnished to a governmental agency. Permits credit reporting agencies to report certain information to government agencies, in spite of a security freeze.

9         

Records management program. Makes a change to conform to section 1 , regarding disposal of state records containing private or confidential information.

10     

Disclosure of personal information; notice required. Amends a 2005 law that requires private businesses to disclose a breach of security of their data on individuals to those individuals. The amendment clarifies that the law applies only to successful breaches of security.

11     

Exemption. Amends the same 2005 law amended in the preceding section. The amendment eliminates from that law an exemption for health care providers, health insurers, and related entities regarding health data.

12     

Responsible disposal of personal information. Requires private businesses, including nonprofit entities, to dispose of paper or electronic records containing information on individuals only in a way that makes the information impossible to read. This section is the private sector counterpart of sections 1 and 3, which impose the same requirement on state and local government records. Provides that enforcement is by the business's regular regulator, if there is one, or, if not, by the attorney general.

13     

Credit freeze regarding minors. Prohibits businesses from knowingly granting credit to a minor, unless the minor's parent or guardian requests it in writing.

14     

Credit card offers and solicitations; address verification. (a) Requires a credit card issuer to verify an address change if an application for a credit card gives an address for the applicant that differs from the address to which the credit card issuer sent the solicitation. The verification must be done before the card is issued.

(b) Provides that a recipient of a credit card solicitation is not liable for charges incurred on a card in the recipient's name, if the verification was not done, unless it is proven that the recipient did incur the charges.

(c) Requires a credit card issuer to verify a change of address notification, if the issuer receives a request for an additional card within ten days after receiving the request for the address change.

15     

Identity theft passport. Provides for issuance of a document, called an identity theft passport, to a person, to prove to others, such as creditors, that the person has reported identity theft to a law enforcement agency. Permits a person who has reported identity theft to a law enforcement agency to apply for the passport through any law enforcement agency. Requires the agency to send the application, together with a copy of the police report, to the attorney general. Permits the attorney general to issue the identity theft passport on the basis of those documents. Provides that the holder of an identity theft passport may present it to a law enforcement agency or to a creditor to help prove that the holder is a victim of identity theft. Gives law enforcement agency or creditor discretion to accept or reject the passport, based upon its evaluation of the evidence.

16     

Admissibility of evidence of identity theft; request to supreme court. Requests the state supreme court to consider revising the rules of evidence used in the state court system to permit authentication of business records offered as evidence in a civil or criminal proceeding on the basis of an affidavit signed by the custodian of those records, without the in-person testimony of the custodian to authenticate the records. Requests this revision to apply at least in cases involving identity theft. Suggests a California law as a possible model. This type of authentication by affidavit could permit, for instance, the use of bank or credit card records in court without the expense of having a bank or credit card company employee travel to Minnesota to testify in person that the records are accurate copies of the records of the bank or credit card company.