President Trump recently signed the Economic Growth, Regulatory Relief, and Consumer Protection Act which made limited changes to the credit report laws and the overall consumer protection regulations.
Specifically, the changes affect credit report freezes and fraud alerts. In response to the recent Equifax breach, Section 301 requires credit reporting agencies to provide consumers with credit report freezes at no cost when identity theft is suspected. The changes also require credit reporting agencies to extend the initial fraud alerts from 90 days to one year. Section 302 also requires credit reporting agencies to provide free credit monitoring to active-duty military service members. The old credit report freeze laws allowed consumers to freeze their credit files which prevented credit reporting agencies to share consumer information with lenders which could potentially result in new fraudulent applications and transactions. The problem with the old law was that consumers had to pay for placing credit report freezes. Also, the freeze cost would have been higher if consumers decided to place a freeze with each of the three major agencies since each agency charged for placing a freeze on their credit reports.
The fraud alerts on the other hand notify lenders that consumers believe they may be victims of identity theft in order for lenders to be more vigilant and validate the identity of the borrowers before approving their credit applications. However, fraud alerts do not require any action on the part of the lenders which may decide not to validate identities and approve applications. This makes a credit report freeze a preferred method to prevent identity theft since lenders can not review the credit worthiness of consumers and approve credit applications without reviewing credit reports.
From a wider perspective, Section 308 requires the Government Accountability Office (GAO) to conduct a review of the “current legal and regulatory structure for consumer reporting agencies and an analysis of any gaps in that structure,” as well as a review of error correction mechanisms, data security, and the overall functioning of the credit reporting system. One notable aspect is that the GAO will be studying the responsibilities of “data furnishers” (e.g., banking organizations) to ensure that accurate information is submitted to credit reporting agencies.