Gov. Christine Gregoire is expected to sign two bills giving consumers additional weapons for fending off identity theft, but with amendments that consumer advocates say will mute their impact.
A security-breach bill, Senate Bill 6043, will require consumers to be notified by credit-reporting and consumer-data agencies if a security breach compromises their personal information.
And a security-freeze bill, Senate Bill 5418, will let victims of identity theft — or those whose personal data have been stolen — place a security freeze on their credit files with credit-reporting agencies to lock out potential thieves.
One of the state's top consumer groups, the Washington Public Interest Research Group, dropped its support for the security-breach bill when amendments were added letting companies decide whether to notify customers when their data are stolen. If the companies consider it a "technical breach" that doesn't seem reasonably likely to subject customers to criminal activity, they're not required to tell customers.
Supporters of the new language, including the Washington Bankers Association, said it would keep consumers from being inundated with notices every time a hacker makes it through a single security layer before being stopped by additional security measures.
WashPIRG said the new language adds a "trap door" to the law, letting companies that couldn't protect sensitive data in the first place decide whether to let their customers know about it.
The bill originally was spurred by a widely publicized data breach involving ChoicePoint, whose massive consumer databases were compromised by thieves who stole sensitive data earlier this year from an estimated 145,000 people, nearly 3,200 of them in Washington.
ChoicePoint was compelled to notify consumers in California about the data breach by a security-breach law there, then ultimately notified customers in every other state.
The two sides disagree about whether Washington's bill would have legally required ChoicePoint to notify Washington consumers about the breach.
The other piece of legislation — the security-freeze bill — originally would have allowed any consumer, not just identity-theft victims, to place a security freeze on their credit files for a moderate fee.
The amended version limits the security freeze to victims who have submitted a valid police report to the credit-reporting agencies or to consumers notified that their personal data have been stolen. Placing or lifting the freeze would be free.
Additional consumer legislation and how it fared:
• Another bill for identity-theft victims, Senate Bill 5939, would require police departments to provide victims with police or incident reports, allowing victims to work with credit-reporting agencies to clean up fraudulent accounts and place a fraud alert or security freeze on their file. The governor is expected to sign the bill, an aide said.
• A credit-card-marketing bill, Senate Bill 5506, establishes policies regarding the marketing or merchandising of credit cards to students at the state's institutions of higher education. The governor signed the bill Monday, and it will take effect July 24.
• A bill limiting the use of credit history in insurance renewal, Senate Bill 5275, would have kept insurance companies from using newer credit history to raise a policyholder's premiums. The bill passed the Senate but died in the House.
• Senate Bill 5672 would have given commercial parking businesses more clout to collect on unpaid-parking notices. The businesses would have been authorized to charge late fees up to $25, to hire collection agencies to pursue people with unpaid tickets, and to collect attorney fees if they prevailed in court. The bill cleared the Senate but died in the House.
Bills that failed this session technically remain alive when the Legislature reconvenes in January. Backers of 5672 say they expect to make clarifications and get the bill approved next year.
