Alabama Consumers…the Last To Know

By October 10, 2017Press Releases

Unless you really are waiting for your Nigerian prince to show up with your $10 million, you probably prefer to keep your personal information out of the hands of criminals. As we have learned over and over again – your momma was right – your best asset is your good name. Nothing can soil your reputation faster than your social security number in the hands of a scammer. And it is hard to retrieve that good name – it can take years.

While national companies like Equifax and Target are required to let you know your number came up in a data breach, local companies in Alabama face no such requirement.

I love to swipe my card at my local grocer, pharmacy and ice cream shop, but how secure is it? In 47 states and the District of Columbia, consumers have a ‘data breach notification act” that gives you a head start to freeze your credit before you’ve bought a new TV and sound system in Hackensack.

Personally, I would really appreciate an email if your business is hacked and my name, social security number, birth date, and credit card number are now in the hands of an identity thief.  Sure, it is inconvenient for the business, but what about the inconvenience of ruined credit, fake accounts in your name, or your equity gone and your house mortgaged out from under you, a popular scam of a few years back.

Your protection has been blocked by Montgomery lobbyists. They have successfully killed a data breach notification bill to protect Alabama business from the ‘onerous’ task of notifying you when they are hacked. Sure, it is hard on everybody.

Listen data breaches happen. Ask Equifax, one of the largest credit monitoring companies.  It had 143 million Americans’ names, social security numbers, birth dates, addresses, and in some cases driver’s license numbers taken in May and June.  The company discovered the breach in late July.  They told consumers on September 7th – 40 days later. As a consolation prize, for free, you can re-enter all of your personal information to a new secure site to monitor the possible damage from the last secure site.

Breaches happen because your data turns into dollars on the dark web.  Your identity has value. Just ask anyone who has struggled to restore their personal identity.  And Equifax’s hack is not an isolated incident.  Remember the Target breach in 2013?  It exposed 41 million customer payment accounts. Then Anthem, an insurance company, in 2015 had 80 million social security numbers hacked.  Last year Yahoo lost data impacting 1 billion users’.

Senator Arthur Orr introduced SB106 to create the Alabama Information Protection Act of 2015.  As Chief Deputy Attorney General, I lobbied for this consumer protection. It required certain Alabama businesses to notify you, the consumer, and the Attorney General in the event of a data security breach involving at least 500 individuals. It required businesses that receive your personal information to take “reasonable measures” to protect and secure that data and notification to the AG within 30 days if not sooner.  Business killed the bill that would have given Alabama customers the same protection 47 states, plus the District of Columbia, enjoy.

In 2016, we tried again. Senator Orr introduced SB238 to create the Alabama Information Protection Act of 2016.  To try and address business concerns the number of individuals impacted was increased to 1,000 and 60 days was given to provide notification. It exempted businesses already covered by notification laws like insurance, financial institutions and healthcare. But once again the bill died.

Businesses collect this data to enhance their ability to serve us and to market to us. We provide it to obtain goods or services. Both are vulnerable when so much stock is put on a few numbers that define so much of your life: your health records, your prescriptions, your insurance, your credit cards, the security of your home.

Don’t take chances with the lives of Alabama customers by not letting us know when you lost our identity!  Let’s join the rest of the nation and have data breach notification – a common and commonsense consumer protection for Alabamians. I urge all legislators to support Senator Orr’s bill in 2018, We need you to have the consumers’ back on this important issue.  Otherwise, you might just find that Nigerian prince riding off into the sunset with your savings account.