Law May Help Freeze ID Theft

California residents have the ultimate weapon against identity theft -- but few know it.

That may be changing, however, as a rash of security breaches putting personal information at risk has heightened public concern about privacy.

The weapon is a little-known California law -- the only one of its kind in effect -- allowing residents to freeze access to their credit reports. Such a step effectively prevents identity thieves from opening unauthorized credit accounts in the names of their victims.

Inquiries about the law, which took effect in 2003, have risen dramatically in the last few months, state officials said. And it has generated attention across the country as well: This year, 22 states considered legislation that allows consumers to freeze their credit reports.

"It's like the rise in sales in paper shredders," said state Sen. Debra Bowen (D-Marina del Rey), who sponsored the original California bill. Once privacy concerns rise to a certain point, "suddenly, everyone has to have one."

A credit-report freeze costs $30 -- $10 each to the three major national credit bureaus -- and involves a certain amount of paperwork. But consumers planning to seek credit can, with a few days' notice and another $30, suspend the freeze whenever they wish.

Victims of identity theft who can supply a police report can freeze their credit report for free.

The little-used provision was part of legislation better known for banning the use of Social Security numbers on publicly displayed documents or identification cards.

The Office of Privacy Protection, the state agency that issues information on the law, has a staff of three to oversee all privacy measures in California, and it has few resources for publicizing the freeze provision.

"Getting a call for information on this measure was rare," office chief Joanne McNabb said. "We could go weeks without getting one."

Then in February, Alpharetta, Ga.-based ChoicePoint Inc. -- one of the nation's largest collectors of consumer data, including Social Security numbers and home addresses -- disclosed that identity thieves had tapped its database. Eventually, the firm said as many as 145,000 of its personal files could have been compromised.

The disclosure kicked off a national debate over privacy, which intensified when information broker LexisNexis, which is owned by London-based Reed Elsevier, announced it had suffered a security breach that eventually turned out to involve as many as 310,000 files.