On Monday, the Court of Appeal, Second Appellate District upheld the validity of California’s “security freeze” law, section 1785.11.2 of the California Civil Code, but nonetheless enjoined under the First Amendment its application to the U.D. Registry (“U.D.”), a provider of credit reports drawn in material part from public records.  U.D. Registry, Inc. v. State of California, B179653 & B186012 (October 30, 2006).

California’s Security Freeze Law

Section 1785.11.2, authored by Senator Debra Bowen, was enacted to enhance protection of consumers from identity theft by allowing them to place fraud alerts on their credit reports and to prevent or control the release of those reports, and by prohibiting specified government and business uses of social security numbers.

The security freeze law provides, among other things, that “[a] consumer may elect to place a security freeze on his or her credit report by making a request in writing by certified mail to a consumer credit reporting agency.”  If such a security freeze is in place, “information from a consumer’s credit report may not be released to a third party without prior express authorization from the consumer.”  A consumer credit reporting agency has five business days to place a freeze on a credit report after receiving a written request.

Section 1785.11.2 was intended in part to shift some of the identity theft burden from consumers to credit reporting agencies.  Also of concern to California lawmakers, as noted by the U.D. Registry court, was “a consumer’s right to control the use of his or her personal and financial information.”