Members of the Judiciary Committee heard testimony Jan. 25 on a bill that would ensure free credit monitoring to consumers following a data security breach.
LB757, introduced by Lincoln Sen. Adam Morfeld, would prohibit a credit-monitoring agency from charging fees to place, temporarily lift or remove a security freeze following a data breach similar to the one experienced by Equifax in 2017.
A security freeze places a hold on a person’s credit history, preventing identity thieves from opening new credit accounts using stolen information.
Morfeld said that 145 million Americans had their sensitive personal information compromised during the breach, including roughly 700,000 Nebraskans.
“I find it disturbing and completely illogical that a company could lose personal and financial data and then turn around and profit off of citizens trying to protect themselves from that loss of data,” he said.
Any individual or commercial entity conducting business in Nebraska that owns, licenses or maintains data including personal information would be required to implement reasonable security measures to safeguard that information. A third-party service provider that receives personal information from an individual or commercial entity also would be required to implement such security measures.
The bill would authorize the state attorney general to prosecute a violation of the bill’s security provisions as a violation of the Consumer Protection Act.
Meghan Stoppel, director of the Attorney General’s Consumer Protection Bureau, spoke in support of the bill. She said some companies have marketed and charged fees for products similar to a security freeze, but that do not completely prevent third parties from viewing someone’s personal credit information.
In the case of a data breach, Stoppel said, security freezes should be free because sensitive personal information is compromised.
“Consumers shouldn’t have to pay for a security freeze just because a credit-monitoring company is calling it something different,” she said.
Representing the Nebraska Retail Federation, Jim Otto agreed that credit freezes should be available in the event of data breaches, but opposed specific language in the bill that would prohibit fees on a “substantially similar type of security product.”
“The phrase is too broad and could eliminate many other products,” he said. “A blanket prohibition would not allow for consumer choice and could prohibit existing services many Nebraskans choose to protect their information.”
The committee took no immediate action on the bill.