Sample letter to state legislator about regulating credit bureaus.

Here’s the letter I sent by email to our local State Senator after the Equifax data breach. You are free to adapt it any way you want and send it to whomever you want. offers a service helping you identify your legislators.

Dear Sen. O’Connor-Ives:

The recent screwup at the Equifax credit bureau may not be as newsworthy as hurricanes, but it’s still a big potential problem for a lot of people.

I wrote a little article about what to do, to answer people who were asking me. t/reference/cybercrooks-stole- data-equifax-now-credit-freeze s/

Here’s what we need from you, the legislators:

1) Please pass a law making it free for residents of our state to put “credit freezes” on our records. Some other states have such laws. Right now the credit bureaus are allowed to charge people for this service in our state.

2) Please pass a law requiring each credit bureau doing business in the state to appoint and fund an ombudsman’s office to help residents with all matters related to that credit bureau. Please make sure that law has teeth: the credit bureaus should be required to meet meaningful quality-of-service (QoS) standards for ombudsman service. Failure to meet QoS standards should result in the payment of substantial daily penalties.

3) Please regulate the gathering, storage, dissemination, and use of credit information in ways that hold the credit bureaus accountable for mistakes. The common-law concept of strict liability might be helpful in drafting those regulations. If a bull gets loose, the farmer is liable to pay for damage the animal causes even if she didn’t do anything wrong. If personal credit records get loose or get misused, the credit bureau should be required to cover the costs of the damage those records do to people and businesses because of identity theft and other crimes.

Why strict liability rather than liability for negligence? The events of recent years have shown that even state actors with unlimited resources (the US National Security Agency for example) can’t keep secrets forever. The idea of strict liability recognizes that fact. It means that somebody holding something dangerous (like a bull, or like our credit data) must plan to make the situation good when, inevitably, the dangerous thing gets loose. Workers’ compensation and the National Vaccine Injury Compensation Program work the same way.

4) Please criminalize withholding of information about those breaches. This is not an outrageous request: health care information breaches are already criminalized under ARRA-2009.

I know, boring. But people’s lives can be ruined by identity theft.

Thanks for reading. Thanks in advance for acting on this.

All the best, and thanks for doing what you do!

