§ 6-48-5. Security freeze — Timing, covered entities, cost.
(a)(1) A consumer may elect to place a “security freeze” on his or her credit report by making a request by certified mail to a consumer reporting agency at an address designated by the consumer reporting agency to receive such requests.
(2) A consumer reporting agency shall place a security freeze on a consumer’s credit report no later than five (5) business days after receiving from the consumer:
(i) A written request as described in subsection (a)(1); and
(ii) Proper identification.
(3) The consumer reporting agency shall send a written confirmation of the security freeze to the consumer within ten (10) business days of placing the freeze and at the same time shall provide the consumer with a unique personal identification number, password, or similar device to be used by the consumer when providing authorization for the release of his or her credit report for a specific period of time, or when permanently removing the freeze.
(4) If the consumer wishes to allow his or her credit report to be accessed for a specific period of time while a freeze is in place, he or she shall contact the consumer reporting agency, using a point of contact designated by the consumer reporting agency, to request that the freeze be temporarily lifted and provide the following:
(i) Proper identification;
(ii) The unique personal identification number or password provided by the consumer reporting agency pursuant to subsection (a)(3); and
(iii) The proper information regarding the time period for which the report shall be available to users of the credit report.
(5) A consumer reporting agency that receives a request from a consumer to temporarily lift a freeze on a credit report pursuant to subsection (a)(4) shall comply with the request no later than three (3) business days after receiving the request.
(6) A consumer reporting agency may develop procedures involving the use of telephone, fax, or, upon the consent of the consumer in the manner required by the Electronic Signatures in Global and National Commerce Act, 15 U.S.C. § 7001 et seq., hereinafter referred to as (“E-Sign”) for legally required notices, by the internet, e-mail, or other electronic media to receive and process a request from a consumer to temporarily lift a freeze on a credit report pursuant to subsection (a)(4) in an expedited manner.
(7) A consumer reporting agency shall remove or temporarily lift a freeze placed on a consumer’s credit report only in the following cases:
(i) Upon consumer request, pursuant to subsection (a)(4) or (a)(9); and
(ii) If the consumer’s credit report was frozen due to a material misrepresentation of fact by the consumer. If a consumer reporting agency intends to remove a freeze upon a consumer’s credit report pursuant to this paragraph, the consumer reporting agency shall notify the consumer in writing prior to removing the freeze on the consumer’s credit report.
(8) If a third party requests access to a consumer credit report on which a security freeze is in effect; and this request is in connection with an application for credit or any other use; and the consumer does not allow his or her credit report to be accessed; then the third party may treat the application as incomplete.
(9) A security freeze shall remain in place until the consumer requests, using a point of contact designated by the consumer reporting agency, that the security freeze be removed. A consumer reporting agency shall remove a security freeze within three (3) business days of receiving a request for removal from the consumer who provides all of the following:
(i) Proper identification; and
(ii) The unique personal identification number or password provided by the consumer reporting agency pursuant to subsection (a)(3).
(10) A consumer reporting agency shall require proper identification of the person making a request to place or remove a security freeze.
(11) A consumer reporting agency may not suggest or otherwise state or imply to a third party that the consumer’s security freeze reflects a negative credit score, history, report, or rating.
(12) The provisions of this section do not apply to the use of a consumer credit report by any of the following:
(i) A person, or the person’s subsidiary, affiliate, agent, or assignee with which the consumer has, or prior to assignment had, an account, contract, or debtor-creditor relationship for the purposes of reviewing the account or collecting the financial obligation owing for the account, contract, or debt;
(ii) A subsidiary, affiliate, agent, assignee, or prospective assignee of a person to whom access has been granted under subsection (a)(4) for purposes of facilitating the extension of credit or other permissible use;
(iii) Any person acting pursuant to a court order, warrant, or subpoena;
(iv) A state or local agency that administers a program for establishing and enforcing child support obligations;
(v) The department of health, or its agents or assigns, acting to investigate fraud;
(vi) The attorney general, or its agents or assigns, acting to investigate fraud;
(vii) The division of taxation, or its agents or assigns, acting to investigate or collect delinquent taxes or unpaid court orders or to fulfill any of its other statutory responsibilities;
(viii) The use of a credit report by a person for purposes of prescreening as defined by the federal Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.;
(ix) Any person or entity administering a credit file monitoring subscription service to which the consumer has subscribed;
(x) Any person or entity for the purpose of providing a consumer with a copy of his or her credit report upon the consumer’s request; and
(xi) Any person or entity for use in setting or adjusting a rate, adjusting a claim, or underwriting for insurance purposes.
(13) A consumer may not be charged a fee for any security freeze service by a consumer reporting agency.
(b) Entities not required to place a security freeze. The following entities are not required to place a security freeze on a credit report:
(1) A consumer reporting agency that acts only as a reseller of credit information by assembling and merging information contained in the database of another consumer reporting agency or multiple consumer credit reporting agencies and does not maintain a permanent database of credit information from which new consumer credit reports are produced. However, a consumer reporting agency acting as a reseller shall honor any security freeze placed on a consumer credit report by another consumer reporting agency;
(2) A check services or fraud prevention services company that issues reports on incidents of fraud or authorizations for the purpose of approving or processing negotiable instruments, electronic funds transfers, or similar methods of payments;
(3) A deposit account information service company that issues reports regarding account closures due to fraud, substantial overdrafts, ATM abuse, or similar negative information regarding a consumer to inquiring banks or other financial institutions for use only in reviewing a consumer request for a deposit account at the inquiring bank or financial institution; and
(4) Any database or file that consists of any information adverse to the interests of the consumer, including, but not limited to, criminal record information; personal loss history information; information used for fraud prevention or detection; tenant screening; and employment screening.
History of Section.
P.L. 2006, ch. 226, § 1; P.L. 2006, ch. 270, § 1; P.L. 2014, ch. 528, § 35; P.L. 2018,
ch. 31, § 1; P.L. 2018, ch. 33, § 1; P.L. 2019, ch. 308, art. 2, § 3.