How a New Illinois Law Could Protect 12 Million From Identity Theft

03/27/2015 05:08 pm ET | Updated May 25, 2015

identity theft

By Tess Frame, Contributor

It’s no surprise that Illinois consumers expressed identity theft as their No. 2 complaint, right behind debt, according to the state attorney general's office. Last year was marked by a string of cyberattacks against many large companies, including Target, Michael’s, LivingSocial, eBay, P.F. Chang’s, Snapchat, The Home Depot and JP Morgan. Millions of consumers' personal or credit card information was exposed, and the companies that were hacked due to improper privacy compliance or other reasons lost their customers' trust along with their data.

In an effort to combat the damage caused by hackers and help the state's more than 12 million residents prevent and recover from identity theft, Illinois Attorney General Lisa Madigan is working on enhancing the Illinois Personal Information Protection Act (PIPA). She is proposing legislation to help better protect sensitive data and ensure that people know when their information has been compromised.

Improvements to the Personal Information Protection Act

The 2005 law mandated that consumers must be notified if their personal information had been exposed or compromised. The original act's definition of personal information was limited to an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:

  • Social Security number
  • Driver’s license number or state identification card number
  • Account number or credit or debit card number, or an account number or credit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account

Attorney General Madigan is proposing that PIPA be updated to include information such as but not limited to the following:

  • Medical and insurance information
  • Biometric data
  • Geolocation information
  • Login credentials for online accounts

Other updates she is proposing would require businesses and other organizations to take “reasonable steps” to protect the consumers’ information, such as by destroying paper documents or erasing electronic files so that the personal data cannot be read or reconstructed. Businesses would also have to notify the attorney general’s office so an ongoing list could be kept of breaches that affect Illinois residents.

Why Notification Is Critical

While some consumers find out about a data breach from the company that has been hacked, others are first alerted by their bank or credit union. With comprehensive fraud protection services, many financial institutions are serving as consumers' first line of defense. 

"From our vantage point, the most vital fraud protection feature is speed," said Kim Busche, fraud supervisor at Chicago-based Alliant Credit Union. "We pride ourselves on alerting our members immediately once any suspicious activity is identified so we can ensure that the activity was authorized. This gives our members confidence that their assets are secure," said Busch.

Even with meticulous document shredding, private IP addresses and theft-protection smartphone apps, the rate at which hackers and cyberterrorists can steal personal information is up 10 percent from 2013 and still rising. Consumers' personal efforts to protect their information are becoming insufficient against the increasing capabilities of hackers and thieves.

What You Can Do Now to Protect Your Information

The proposed changes to Illinois law are designed to help regulate some of the business practices regarding customers’ personal information and cast a larger umbrella over sensitive data. They also could potentially help restore Illinois residents’ confidence in businesses, which could in turn result in an economic boost. If consumers are confident that they can safely shop without a high threat of identity theft and fraud, shopping might increase and the local economy could improve.

Taking advantage of protection services available to them can help consumers fight fraud and theft in the meantime. Consumers need to be more vigilant than ever about monitoring account activity.

"We advise our members to review their bank statements regularly and report any possible errors as soon as possible so we can ensure the error is as undisruptive as possible," said Busche.

"When it comes to credit card fraud, anytime a charge is disputed for fraud purposes, it’s mostly an unrecognizable charge," Busche said. "While we complete our investigation of the charge, we credit the member’s account so this potential fraud doesn’t affect their day-to-day life. 

It’s not realistic to expect hackers and thieves to stop stealing personal information. In the best-case scenario, the changes to PIPA will make Illinois consumers more aware of when their personal information has been jeopardized and will make businesses more careful with customers’ data and better at handling breaches in ways that minimize damage.

Photo credit: GotCredit