The San Jose Mercury News reports that a cancer survivor has successfully changed a credit reporting company’s policy.

Eric Drew, a former Los Gatos High School quarterback and runway model, was diagnosed with leukemia seven years ago. A hospital lab technician stole his credit cards before he went into surgery. When he recovered, he found himself up to his ears in debt and being harassed by credit card companies as a result of the identity theft.

Last week, Drew announced he’d settled with TransUnion, a credit reporting company in Chicago, one of six banks and credit card companies he sued under fair-credit and consumer-protection laws. Under the settlement, TransUnion agreed to: allow anyone who is hospitalized or elderly to file a claim of identity theft with a doctor’s note, instead of having to provide a formal affidavit; permanently remove fraudulent information from a credit report; and offer a free credit freeze for identity theft victims.

“This is a great settlement,” Drew said, recovering from knee replacement surgery he needed because of the prednisone he took while he had cancer. “It’s a huge breakthrough for the American consumer.”

Litigation is still pending with Bank of America, Chase, Citibank, Equifax and Experian.

After years of fighting legislation, TransUnion, one of the three major credit bureaus, says it will allow individuals in all 50 states to freeze their credit. A credit freeze bars prevents the credit companies from issuing your credit history, the summary of loans and payments that forms the basis of your credit score. Because few lenders will issue credit without first seeing a credit score, putting a freeze on your information means identity thieves can’t use stolen Social Security numbers to fraudulently open new accounts.

TransUnion broke ranks with Experian and Equifax. USA TODAY reports that the three major credit bureaus have lobbied for two years to stop strong credit-freeze laws from being adopted at the federal and state levels. The bureaus disseminate credit histories used by lenders to issue credit cards, mortgages and other loans.

The service, which goes into effect Oct. 15, is a major victor for consumers, say consumer advocacy groups. “Consumers deserve the right to a low-cost security freeze that makes it easy to prevent crooks from opening fraudulent accounts,” says Gail Hillebrand, senior attorney for Consumers Union.

According to ZDNet, with only two months left before government agencies must figure out how to deal with data breaches and data theft, federal bureaucrats are scrambling to meet the impending deadline. The deadline was created by a White House directive that gave all federal agencies until September 22 to figure out the best way, using their “best judgment,” to create a plan to secure personal data and to alert them if it is compromised.

Meeting that deadline is “definitely a challenge,” says Mischel Kwon, chief IT security technologist for the U.S. Department of Justice.

The chief privacy officers for the U.S. Department of Homeland Security and the Federal Trade Commission say they are taking steps to comply with the White House order.

The FTC’s chief privacy officer, Marc Groman, says his agency prepared a 12-page compliance plan last month. The plan covered topics such as notifying third parties, notifying individuals and identity theft risk analysis.

The Standard-Times reports that Massachusetts lawmakers have agreed on identity theft legislation, which aims to protect the public from the release of personal and financial information.

The law would require any company or government entity doing business in Massachusetts to immediately disclose a breach of security, whether it occurred in electronic or paper form. It also requires businesses or government entities to shred or destroy any personal information before disposing of it. The measure also applies to fingerprint and retinal scan data.

People who are victims of identity theft would be able to freeze new credit from being issued in their name for free. Others could do the same for a $5 fee.

The law won has unanimous House approval. The agreement, hammered out in a conference committee of three senators and three state representatives, now moves on to the Senate, where it is expected to be approved.

The L.A. Times reports that restaurants may have a solution to recent rise in the number of “skimming” scams in which waiters use hand-held computers to steal customers’ credit card information.

Pay-at-the-table systems are widely used in Europe and other parts of the world, but the U.S. is falling behind, largely because equipment makers have been unable to point to a reason restaurateurs should use the technology. However, identity theft provides a good reason. Some studies suggest that as much as 70% of all cases of credit card skimming stem from restaurant scams.

“Restaurants are the last holdout where you still give up your credit card. That’s why we think this is the next logical step,” said Paul Rasori, VeriFone Inc.’s vice president of marketing. Verifone’s system is about the size of a thick remote control and sports a square liquid-crystal-display screen and a numerical keypad. It accepts debit and credit cards and can automatically add a tip. Once the customer swipes a card, the information is sent wirelessly to a computer in the restaurant. A tiny printer spits out a receipt.