House Research Bill Summary
File Number: H.F. 2843
April 12, 2006
Version: Third engrossment
Status: Rules Committee
Authors: Kohls and others
Subject: Identity theft prevention
Thomas R. Pender, 651-296-1885
This publication can be made available in alternative formats upon request. Please call 651-296-6753 (voice); or the Minnesota State Relay Service at 1-800-627-3529 (TTY) for assistance. Summaries are also available on our website at: www.house.mn/hrd/hrd.htm.
This bill has various civil and criminal law provisions designed to prevent identity theft or assist its victims.
state and local government agencies to have safeguards to require that
confidential or personal data on individuals be disposed of only in a way
that makes the data impossible to read.
Attorney general data coded elsewhere.
a cross-reference in the data practices chapter for the data practices
provision in this bill involving the identity theft passport.
Security freezes on credit reports
Requires consumer reporting agencies to
impose a security freeze on the credit reports of a minor at the written
request of a parent or guardian. This
means that the consumer reporting agency must not issue a credit report on
that minor, except at the request of the parent or guardian, specifying the
entity to whom a report may be issued.
Provides that the security freeze ends automatically when the minor
reaches age 18.
Victim of identity theft; security freeze.
(a) Permits a consumer who is a victim of
identity theft who has filed a police report to place a "security freeze" on the consumer's credit
report. "Security freeze" means that
the credit reporting agency must not release the credit report or information
from it, in connection with a credit transaction, without the consumer's
authorization. The consumer reporting
agency is permitted to inform a third party that requests a credit report
that the security freeze is in effect.
(b) Defines a victim of identity theft as a victim
if that crime as defined in state law or a person who has been notified that
the person's personal information has been disclosed to an unauthorized
(c) Requires that the security freeze be put in
place within five days of a request by the consumer.
(d) Requires that the credit reporting agency
confirm the freeze in writing within 10 days and provide a unique password
for the consumer to use in providing authorization to release the credit
report for a specific period of time or to a specific party.
(e) States the procedure for temporarily lifting
(f) Requires that the freeze be lifted within
three days after a request by the consumer.
(g) Permits use of expedited electronic procedures
to receive and implement requests to lift the freeze.
(h) Says when the credit reporting agency may
temporarily lift a freeze.
(i) Permits a third-party to treat an application
for credit or for anything else to treat an application as incomplete if the
freeze prevents getting a credit report.
(j) Requires the credit reporting agency to
explain to the consumer how a freeze works.
(k) Says the freeze remains in effect until the
consumer requests its removal, and describes the process.
(l) Lists the types of users of credit reports
that are not affected by this section.
Security freeze; changes to information;
written confirmation required.
Prohibits credit reporting agencies from
changing certain information in a credit report when a security freeze is in
effect, without giving written confirmation to the consumer within 30
days. That information is name, date
of birth, social security number, and address.
Security freeze; not applicable to certain
consumer reporting agencies.
Says this section does not apply to re-sellers of
credit information that do not maintain a database of credit information for
creation of new credit reports.
Requires them to honor security freezes placed in a consumer report by
another credit reporting agency.
Security freeze; exempt entities.
types of entities not covered by this bill.
Information furnished to a governmental
Permits credit reporting agencies to report certain information
to government agencies, in spite of a security freeze.
Records management program.
change to conform to section 1
, regarding disposal of state records containing
private or confidential information.
Disclosure of personal information; notice
Amends a 2005 law that requires private businesses to disclose
a breach of security of their data on individuals to those individuals. The amendment clarifies that the law applies
only to successful breaches of security.
Amends the same 2005 law
amended in the preceding section. The
amendment eliminates from that law an exemption for health care providers,
health insurers, and related entities regarding health data.
Responsible disposal of personal
Requires private businesses, including
nonprofit entities, to dispose of paper or electronic records containing
information on individuals only in a way that makes the information
impossible to read. This section is
the private sector counterpart of sections 1 and 3, which impose the same
requirement on state and local government records. Provides that enforcement is by the business's regular
regulator, if there is one, or, if not, by the attorney general.
Credit freeze regarding minors.
businesses from knowingly granting credit to a minor, unless the minor's
parent or guardian requests it in writing.
Credit card offers and solicitations;
(a) Requires a credit card issuer to
verify an address change if an application for a credit card gives an address
for the applicant that differs from the address to which the credit card
issuer sent the solicitation. The
verification must be done before the card is issued.
(b) Provides that a recipient of a credit card
solicitation is not liable for charges incurred on a card in the recipient's
name, if the verification was not done, unless it is proven that the
recipient did incur the charges.
(c) Requires a credit card issuer to verify a
change of address notification, if the issuer receives a request for an
additional card within ten days after receiving the request for the address
Identity theft passport.
for issuance of a document, called an identity theft passport, to a person,
to prove to others, such as creditors, that the person has reported identity
theft to a law enforcement agency.
Permits a person who has reported identity theft to a law enforcement
agency to apply for the passport through any law enforcement agency. Requires the agency to send the
application, together with a copy of the police report, to the attorney
general. Permits the attorney general
to issue the identity theft passport on the basis of those documents. Provides that the holder of an identity
theft passport may present it to a law enforcement agency or to a creditor to
help prove that the holder is a victim of identity theft. Gives law enforcement agency or creditor
discretion to accept or reject the passport, based upon its evaluation of the
Admissibility of evidence of identity
theft; request to supreme court.
Requests the state supreme court to
consider revising the rules of evidence used in the state court system to
permit authentication of business records offered as evidence in a civil or
criminal proceeding on the basis of an affidavit signed by the custodian of
those records, without the in-person testimony of the custodian to
authenticate the records. Requests
this revision to apply at least in cases involving identity theft. Suggests a California law as a possible model. This type of authentication by affidavit
could permit, for instance, the use of bank or credit card records in court
without the expense of having a bank or credit card company employee travel
to Minnesota to testify in person that the records are accurate copies of the
records of the bank or credit card company.