Legislation

When Equifax was hacked a while back there was social media outrange when their solution was for individuals to freeze their credit reports. The issue? They would change the individual a fee to freeze your credit report and then another to unfreeze. The Economic Growth, Regulatory Relief and Consumer Protection Act enacted in May 2018 had the hidden benefit that it is now free in every state to freeze and unfreeze your credit file and that of your dependents.

If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Individuals much contact each of the three major credit bureaus to file a freeze/unfreeze request:

Equifax Freeze Page
800-685-1111

Experian
888-397-3742

TransUnion
By Phone: 888-909-8872

You may have seen a flood of updated privacy policies from your online service providers flooding your in-box over the past couple months. These are the direct result of new data privacy laws, the General Data Protection Regulation (GDPR) taking effect across the European Union (EU) today. These laws provide consumers with more control over their personal data.

What Is It?

GDPR was ratified in April 2016 and establishes a single set of personal data protection rules across Europe. Companies and online service providers outside the EU are subject to this regulation when they collect data concerning any EU citizen. Personal data is defined as any information relating to a person who can be identified directly or indirectly including information that can be linked back to an individual. There is no distinction between personal data about an individual in their private, public or work lives.

Companies will be required to implement appropriate technical and organizational measures in how they handle and process personal data. Data protection safeguards must be appropriate to the degree of risk associated with the data being collected and held. If there is a data beach and any of the laws were not properly applied fines could be as high as 20 million Euro or 4% of annual revenue, whichever amount is higher.

Since US companies with EU citizens as customers must follow DGPR laws US citizens may benefit from the laws.

Why Should I Care?

The theft or accidental disclosure of an individual’s data by an online service provide exposes that individual to any number of potential issues. The intent of the law is to provide individuals with more control over which data on them is being collected and places significant restrictions on how companies manage data to reduce of eliminate that exposure.

Under GDPR companies obtaining data from individuals must detail the purpose of data and how it will be used, if the data will be transferred internationally , how long it will stored. Individuals retain the right to access, lodge a complaint, or withdraw consent at any time. They also have the right to be forgotten. The data must be erased if it is no longer needed for the reason it was collected.

If any company experiences a data breach, they must notify the individuals whose data was stolen must be informed with 72 hours. This is in contrast to many more recent security breaches which come out in the news months later.

Another part of the regulation requires that consent for the company to collect data must be given by the individual by a clear affirmative action. This consent does not need to be explicitly given and can be implied by the person’s relationship with the company. Any data being collected and retained must be for specific, explicit and legitimate purposes.

Resources

Russell and Fuller. GDPR For Dummies. 2017. Wiley & Sons.

GDPR for Dummies from Caroline Boscher

Ohio State nav bar

Credit Freezing and Unfreezing: Now Free!

What is this GDPR Thing and Why Should I Care?