Credit Bureaus Fight Consumer-Ordered Freezes

— -- SEATTLE -- Wearing his trademark bow tie, Eric Ellman goes to work every day prepared to explain why identity theft isn't as big a threat as people think.

His logic has often found friendly ears in Washington, D.C., where Ellman, a lobbyist for the Consumer Data Industry Association (CDIA), champions the interests of the Big Three credit bureaus: Experian, Equifax and TransUnion.

The CDIA has been scrambling for two years to get federal lawmakers to defuse the onrush of state laws empowering consumers to freeze access to their credit histories to prevent identity theft. It spent a record $1.4 million on federal lobbying in 2006, nearly double what it spent in 2004, according to the Center for Responsive Politics.

But a funny thing has happened outside the nation's capital. More states have begun requiring companies to notify consumers when their personal data turn up missing -- and states are ordering the credit bureaus to make it easier for consumers to ban anyone from viewing their credit files. By the end of this year, more than 35 states will have such laws; a few years ago, barely a handful did.

When this trend began to gather steam in 2005, the CDIA deployed Ellman on a series of trips to Montana to dissuade lawmakers from adopting one of the nation's most pro-consumer credit-freeze laws. "He was here so often, I jokingly told him he should start paying state income tax," says Claudia Clifford, Montana-based lobbyist for AARP, a staunch consumer advocate for freezes.

Ultimately, Ellman failed in Montana. The lawmakers there made credit freezes cheaper and quicker to do than anywhere else in the nation. The CDIA's efforts in Big Sky country and other states reveal how the credit bureaus have been losing ground in a struggle to preserve control of consumer credit information as data theft and identity fraud escalate. The key factor: Consumer advocates have shifted the field of battle outside of Washington D.C., where power politics reign, to state capitals in places such as Helena, Mont., Salt Lake City, Carson City, Nev., and Annapolis, Md., where populist sentiments often carry the day.

"A lot of people are simply being affected by identity theft, and (consumers) want to be able to do something about it before it gets really messy," says Michelle Jun, staff attorney for Consumers Union.

CDIA President Stuart Pratt declined to allow Ellman to be interviewed. As the trade group's vice president and counsel of state and federal regulatory affairs, Ellman is one of two CDIA lobbyists who crisscross the country testifying against freezes in state legislatures. His public assertions provide a revealing glimpse of the tactics the CDIA has employed to try to limit consumers' control of their credit histories.

Compelled by state data-loss notification laws, companies and organizations have disclosed more than 500 incidents of personal data turning up missing since February 2005. Computers have been hacked or stolen; data tapes fall off delivery vans; insiders take files home. Scores of universities, hospitals, government agencies, merchants and financial firms continue to report such breaches. Total records reported lost: 155 million.