[Congressional Record Volume 148, Number 125 (Monday, September 30, 2002)]
[Extensions of Remarks]
[Page E1692]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




              THE IDENTITY THEFT CONSUMER NOTIFICATION ACT

                                 ______
                                 

                         HON. GERALD D. KLECZKA

                              of wisconsin

                    in the house of representatives

                      Thursday, September 26, 2002

  Mr. KLECZKA. Mr. Speaker, earlier this year, hundreds of residents of 
Wisconsin were notified by their bank that their personal information 
had been stolen by a former employee. While the bank in question had 
discovered last September that this crime had taken place, it did not 
notify the victims until May 2002. This is completely unacceptable. In 
the meantime, those whose information had been compromised had no idea 
that their information had been sold to a ring of identity thieves, who 
were using the financial records to make purchases in the victims' 
names, including high-end automobiles.
  Today I am introducing legislation that requires financial 
institutions to notify their customers if their personal information 
was compromised as the result of employee misconduct or computer 
hacking.
  Identity theft is a crime that occurs with increasing frequency every 
year, and I have introduced legislation in three consecutive sessions 
of Congress to increase the level of control and protection one has 
over personal information. However, the fact that there is nothing in 
law that compels financial institutions to notify customers that their 
personal information had been compromised in a timely fashion requires 
action.
  My legislation, the Identity Theft Consumer Notification Act, would 
require banks to promptly notify consumers that their information has 
been stolen, assist the customer in repairing his or her credit 
history, and cover any false charges made by the criminal for which the 
victim is liable. In addition, the annual privacy notices that 
financial institutions are required to send customers on an annual 
basis would have to include a description of the bank's obligation to 
provide notification and assistance in cases in which a customer's 
information had been compromised.
  There could be instances in which identity theft is discovered, but 
law enforcement would be in a better position to successfully complete 
an investigatiozn and collect sufficient evidence for conviction if 
notification was delayed. As a result, this bill allows for a temporary 
waiver of disclosure if law enforcement makes such a request.
  Lastly, a recent Supreme Court case limited the statue of limitations 
for victims seeking compensation from credit reporting agencies that 
allowed criminals to falsely use another person's financial 
information. The Court held that the statute of limitations begins to 
toll at the time a crime was committed, rather than at the time that 
the crime was eventually discovered by the victim. Given that the 
statute of limitation is only two years, it makes sense to start the 
clock at the time the crime is discovered, rather than at the time the 
crime was committed, since that abbreviated time limit leaves some 
victims unable to seek compensation.
  This legislation will give consumers confidence that institutions 
that they have entrusted with their finances have an obligation to 
notify them if their personal information has been compromised, and 
that the institution will help them through the often arduous task of 
correcting their credit history and compensate them for losses incurred 
as a result of this crime. I urge my colleagues to cosponsor this 
legislation and give consumers the notification they need to minimize 
and quickly repair the damage done by identity thieves.

                          ____________________