American Consumers Must Have the Right to Control Access to Their Credit Information

While the Internet has made shopping, bill paying, and financial transactions much more convenient for American consumers, at the same time the Internet has been used for identity theft: consumers find that their personal information can be accessed by hackers who steal their personal data such as date of birth, name, address and Social Security number and can use this to obtain access to financial accounts as well. Identity theft has become the major type of crime committed against American consumers. The reason identity theft is possible is that internet hackers can gain personal information about consumers, then use that information to make online purchases and worse; take out credit cards and steal from savings and other financial accounts. These losses amounted to an estimated $15.4 billion in 2014.

But it may be time for consumers to assert themselves and demand that credit agencies such as Equifax, Experian and TransUnion no longer have a monopoly on control of access to their personal credit information. Historically, whenever people applied for a personal loan such as a mortgage, or tried to open a credit card, the credit card issuer or mortgage lender has always had the right to determine if the person is a good credit risk; if their past behavior proves that they have the financial management skills and income to pay back the loan. They went to the credit agencies for this information. But the recent hacking of personal information from Equifax’s database may signal that it’s time for American consumers to control their own personal information, that their most important, hard earned possession is their credit history, and assert that a third party such as a credit agency does not have the right to control who has access. The time has come for American consumers to have complete control over who owns their personal information, and under what conditions this information is released to other persons. In response to the Equifax database hacking many state attorneys general have told consumers in their states that they should contact the agencies and close down access to their credit information. But this raises the question: who gave Equifax a monopoly on the personal information of consumers in the first place? How did this practice get started, and how did it become legal for a third party, without the consumer’s permission, to keep their personal financial information in their data base? No doubt at some point, such as when first applying for a credit card, consumers unknowingly signed off to give Equifax and other credit agencies the right to keep their personal financial information. But it may be time for this to be revisited -- whether identity theft has become so damaging to the finances of individuals and the nation that consumers should insist that they, and only they, have the right to control when their personal financial information can be accessed. The Bureau of Justice Statistics reported that an estimated 17.6 million persons or 7 percent of the US population age 16 and older, were victims of at least one incident of identity theft in 2015, about the same as 2012. In 2014, 85 percent of people took active measures to prevent identity theft, such as checking their own credit reports, shredding documents with personal information or changing passwords on financial accounts. But identity theft is usually only financially harmful if the thief can steal the personal information and then open up a new credit card or take some further measure to cash in on the stolen identity. The big items such as a home mortgage can’t be done so easily since the mortgage application process requires that the person show up at the lender’s place of business and sign a number of papers. But savings accounts and other financial accounts are vulnerable. What is needed is a consumer movement to seize control of credit information, similar to what was done with personal health information. The HIPAA or Health Insurance Portability and Accountability Act of 1996 and finalized in 2002 is designed to protect the privacy of individuals and limit access to personal health information. The Act covers every health care provider who electronically transmits health information in connection with certain transactions. The same thing can and should be done with personal financial information, that can be used to open up credit cards or access savings accounts. . The question is: why aren’t consumers the primary guardian of their own personal financial information right now? Why are third parties allowed to collect and hold onto the personal financial information of virtually all consumers. The proof that consumer control is possible is the fact that a consumer can contact a credit agency such as Equifax and request a “credit freeze.” If consumers can shut down access, why can’t they have complete control, and only “allow” access when they wish to open up a credit card? Right now, the personal financial information is controlled all the time by the agencies; in effect it’s open to identity theft all the time. The default setting should be not that your personal financial information is open to identity theft all the time, but that’s it’s “closed” all the time, and only if you give specific, encrypted permission can anyone use your credit history and financial information. This way, if you apply for a credit card, you can open up your record to that company. Right now anybody can access that credit history. This approach needs to be pursued. While it may be impossible to deny someone access to your personal information, that personal information can only hurt you financially if it’s used to open up a credit card or access a financial account. Of course, the credit industry won’t like giving up their control, but it can be argued that they never had the right to control access to your personal information in the first place. The vulnerability of credit agencies like Equifax now demonstrates that if consumers have to suffer a personal loss, they should have personal control. It’s time for consumers to have the right to impose a permanent default “credit freeze” on their files. This way, it will be far more difficult for hackers to use the internet to exploit your information. Consumers can release the credit freeze to only one institution at a time through use of a one time, encrypted code. This is already done with many types of transactions. Only if consumers give the credit card issuer or mortgage lender access to their credit history will access be allowed. The only loss to the credit agencies will be that their current policy of unlimited access will deny them the profits they make by allowing credit card companies to see your credit rating, name and address so they can mail you credit card offers or refinancing offers. That can also be easily corrected; you can access, on a secure website, credit card info and then choose what credit cards you wish to apply for.