Identity Theft and Identity Protection Laws

State and Federal Laws Governing Identity Theft

Identity theft can take many forms but fundamentally involves the use of your personal identifying information by another person for profit or personal gain. It may involve a person perpetrating a fraud by using your credit or debit card information without your permission, or it may occur when someone else pretends to be you, receiving goods or compensation intended for you. It can also involve someone stealing or wrongfully using login and password information to access your personal online accounts.

The U.S. Federal Trade Commission, which monitors consumer fraud, consistently finds identity theft to be the most frequent consumer complaint. Identity theft is a crime in every state as well as under federal law. Let’s look at the protections available to consumers.

What Is Identity Theft?

The term “identity theft,” first used in 1964, is the unlawful use or taking of personally identifiable information. To violate the law, the theft must be done with intent or knowledge and in order to obtain some financial benefit. Information commonly considered “personally identifiable” under most identity-theft statutes are the following:

• Name
• Social security number
• Date of birth
• Bank account or credit card information, including number, expiration date, and PIN
• Usernames and passwords
• Driver’s license number
• Fingerprints
• Electronic signature
• Any other data that allows access to financial information or resources

Different Types of Identity Theft

Though identity theft is most commonly used to engage in financial fraud, there are a number of other forms of identity fraud or theft that are regulated by law:

• Medical identity theft—Medical ID theft involves the unlawful use of another person’s identifying information to obtain medical services or pharmaceutical products. In most instances, it involves the wrongful use of health insurance benefits.
• Criminal identity theft—It is against the law to present a false identity when stopped or questioned by law enforcement officers in connection with the commission of a crime.
• Identity cloning or concealment—This offense involves the assumption of a false persona to conceal one’s real identity. It is commonly used by people who are wanted by the law, those who are in the country illegally, and debtors dodging creditors. Creating a false identity online can be illegal in certain situations, such as when a sexual predator uses a fake identity to lure a minor to a meeting. In response to this specific concern, Congress passed the Children’s Online Privacy Protection Act of 1998 (COPPA), discussed in more detail below.
• Child identity theft—Many children have social security numbers with little information or no accounts tied to them. A criminal may take a child’s social security number and establish a new identity with it, potentially securing credit, opening financial accounts, or even getting a driver’s license. Children in foster care are particularly susceptible to this type of fraud, as they usually have a social security number and are often moved around on a regular basis, making them difficult to track.
• Tax identity theft—A relatively recent trend involves individuals falsely using a social security number to file a tax return with false information. Typically, the perpetrator files for a refund to be directly deposited into a bank account. When the legitimate return is subsequently filed, the IRS typically rejects it as a duplicate.

Federal Laws Governing Identity Theft

In 1998, Congress passed a law known as the Identity Theft and Assumption Deterrence Act. Signed into law by President Clinton, the statute makes it a federal crime to “knowingly transfer, possess or use without lawful authority” any “means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity.” To be subject to federal prosecution, the unlawful activity must include one of the following:

• Use of an identification document with intent to defraud the federal government
• Use of an identification document issued by the United States government
• Sending an identification document through the U.S. mail
• Use of an identification document in interstate commerce

In 2004, Congress passed the Theft Penalty Enhancement Act, tacking on additional sentences for convictions of “aggravated” identity theft. This statute adds two years of incarceration for general identity theft convictions and five years in cases where the identity theft is related to terrorist activity.

Victims of identity theft can also turn to the federal Fair Credit Reporting Act (FCRA) in the aftermath of the wrongful use of personal identity information. The FCRA allows consumers who are victims of identity theft to compel businesses to turn over transaction records related to the identity theft. Those records must be provided within 30 days of receipt of the request. In addition, the consumer may designate a police or law enforcement officer to receive such records.

How Does COPPA Protect Children?

The Children’s Online Privacy Protection Act (COPPA) requires website operators to take certain actions to protect the identity and safety of children under the age of 13. The burdens placed on website operators under COPPA apply to websites that include content “directed to children.” The statute requires website operators to do, among other things, all of the following:

• Have on its website a “clear and comprehensive” statement of its privacy policy and how the policy relates to information gathered from anyone under the age of 13;
• Make a reasonable attempt to directly notify parents of the website’s practices related to gathering, using, and disclosing information from children under the age of 13;
• Secure confirmed parental consent for the collection, use, and disclosure of most personal information gathered from children under the age of 13; and
• Offer a reasonable forum to allow parents to see any personal information collected from a child under the age of 13, with the option for the parents to refuse to allow further use of the collected information.

State Laws Governing Identity Theft

Because of the limited jurisdiction of federal identity theft statutes, most identity theft prosecutions are under state law. Though some of the details may vary, every state has some form of identity theft law. More than half of the states have passed laws allowing victims of identity theft to seek restitution, and many have established programs to help minimize the risk of repeated identity theft.