HARRISBURG – The Pennsylvania Public Utility Commission (PUC) today concluded an investigation of identity theft by encouraging utilities to enhance their protection of personal information; develop or re-evaluate their notification of database security breach procedures and their internal policies on identity theft; and continuously review their policies on the storage of confidential customer information. The PUC will also continue to monitor federal and state statistics, reports and legislation addressing identity theft and related issues.
"There is not a day that goes by without a headline on identity theft," Chairman Wendell F. Holland said. “Security database breaches, which often compromise the personal confidential information of thousands, and becoming commonplace.
“Today, we direct PUC staff to monitor related regulatory and legislative developments and make recommendations for possible future Commission action. Identity theft is a very serious problem, and I am glad we will be closely monitoring this matter and its impact on the public interest.”
In an Oct. 14, 2004, order, the Commission opened an investigation to examine the impact of identity theft on consumers and utilities, and whether existing Commission rules, regulations and policies adequately protect consumers and utilities from the effects of identity theft. In its investigation, the Commission solicited comments from utilities, the state Office of Consumer Advocate, state Office of Small Business Advocate and the Attorney General’s Office, reviewing reports from the Federal Trade Commission (FTC) and analyzing consumer complaints. As a result of the investigation, PUC staff has written a Preliminary Report that will be publicly released with the Commission’s final order from today’s Public Meeting.
In Chairman Holland’s motion, he wrote that, while the responses filed in this proceeding indicate that identity theft incidences for Pennsylvania jurisdictional utilities with respect to person-to-person, employee identity theft and name game forms of identity theft do not represent substantial numbers at this time, he believes that companies need to be particularly mindful of the potential of security database breaches.
“I am reminded that there are millions of utility customers in Pennsylvania,” Chairman Holland wrote. “Utilities collect and store the personal information of its customers daily. Information compromise or breach of any major jurisdictional utility could have a devastating impact on customers and the utility. There are additional steps utilities can take to enhance the protection of personal information. Preventative and proactive measures protect consumers as well as the utility.”
Identity theft results in losses for both utilities and their customers, and last year alone, utility fraud made up 19 percent of identity theft cases reported in Pennsylvania, according to the FTC. The agency reports that nearly 10 million people have been victims of some form of identity theft, resulting in nearly $48 billion in losses to businesses and nearly $5 billion in losses to its victims. In Pennsylvania, phone or utility fraud is second only to credit card fraud.
The FTC, as well a many states, requires that companies notify affected individuals of security breaches. In Pennsylvania, legislation has been introduced to address identity thefts concerns such as notification of security breach and the protection of social security numbers. The PUC will continue to monitor pending legislation and work with the legislators and PUC-regulated utilities to address this very important issue of identity theft.
The Pennsylvania Public Utility Commission ensures safe, reliable and reasonably priced electric, natural gas, water, telephone and transportation service for Pennsylvania consumers, by regulating public utilities and by serving as stewards of competition.
For recent news releases, or more information about the PUC, visit our Internet homepage at www.puc.state.pa.us.
# # #
Docket No. M-00041811