Tips to protect your credit          Send a link to a friend

[FEB. 25, 2005]  CHICAGO -- Gov. Rod Blagojevich on Tuesday proposed legislation that would require companies both inside and outside Illinois to quickly notify Illinois consumers if their personal information is compromised due to a breach in company security. The governor's action comes days after public disclosure of a massive security failure in October involving Georgia-based ChoicePoint, which resulted in the theft of personal information, including Social Security numbers, of approximately 145,000 people in all 50 United States -- including roughly 5,000 in Illinois.

Current Illinois law does not require companies to notify consumers when their private information may have been hacked into or exposed to unauthorized sources.

The Blagojevich proposal would require companies to quickly notify anyone from Illinois whose information has been stolen. This would apply whether the company whose records were broken into is located in Illinois or any other state. Personal information would include Social Security numbers, dates of birth, medical records, and other personal and financial information. Companies that do not immediately notify their customers of potential identity theft will face civil penalties.

The stronger requirement will provide dual benefits: making sure that those whose personal information has been stolen are quickly notified and motivating organizations to improve their security systems to better protect personal information.

The governor's proposal is similar to California's 2003 "You've Been Hacked" law, which requires disclosure of any security breach that puts Californians' personal information at risk.

"California's law provides a model for us to work from," the governor said. "I want to make sure Illinois' law is as strong and effective as possible. I look forward to working with lawmakers and have begun reaching out to consumer groups and the business community to get that done."

[to top of second column in this article]

The governor's proposal would also include other consumer protection enhancements, including an option allowing consumers to freeze their credit levels so that additional credit cannot be extended without permission and an identity check, and increased penalties for organized identity theft that involves multiple individuals obtaining personal information for illegal purposes.

A 2004 FBI study of cybercrime found that only 20 percent of companies report computer hackings to the police, and half do not report them to anyone. Identity theft and consumer fraud are rapidly growing problems, costing Americans nearly $550 million last year, up from $430 million in 2003, according to the Federal Trade Commission. The FTC received 635,000 consumer complaints in 2004 about identity theft and consumer fraud.

The governor reminded consumers of practical steps they can take to protect their personal information from thieves: (1) never provide any personal information in response to an unsolicited request; (2) review your account statements regularly to ensure that your transactions are in order; (3) check your credit report to make sure no new credit accounts have been opened in your name; (4) do not use information that can be used to steal your identity (birthdays, names, Social Security numbers, account numbers) as passwords or account numbers; (5) limit the amount of personal information you divulge over the phone or to websites.

[News release from the governor's office]

Related article elsewhere

• ID theft victims face lifetime of vigilance

< Top Stories index

Back to top