US 2005 Enacted Identity Theft Legislation Resources in United States
US 2005 Enacted Identity Theft Legislation Resources
| State: | Bill Summary: |
| Arizona | H.B. 2414 Signed by governor 4/18/05, Chapter 136 Defines advertisement, computer software, damage, execute, intentionally deceptive, internet, owner or operator, person, personally identifiable information, and transmit as they relate to this chapter. Prohibits any person from transmitting, through intentionally deceptive means, computer software and using the software to: 1) Change internet control settings. 2) Collect personally identifiable information, including bank account numbers. 3) Prevent the operator’s efforts to block the installation or execution of computer software. 4) Falsely claim that software will be disabled by the operator’s actions. 5) Remove or disable security computer software installed on the computer. 5) Take control of the computer. Designates this to be a matter of statewide concern. Thus, the chapter will supersede regulations set forth by local governmental bodies. Allows the attorney general and a computer software provider or a Web site or trademark owner who is adversely affected to bring action against a violator to enjoin further violations or recover the greater of actual damages or one hundred thousand dollars for each separate violation. States that the number of violators must be based on the number of paragraphs violated. The court may increase the damages up to three times if the defendant has a pattern of violating the provisions of the bill. The court may also award costs and reasonable attorney fees to the prevailing party. |
| S.B. 1017 Signed by governor 4/18/05, Chapter 82 Adds premiums for long-term and critical care insurance, prepaid legal services, personal computer systems, and identity theft protection services to those payroll deductions that a state officer or employee may authorize as additional deductions. |
|
| S.B. 1058 Signed by governor 4/25/05, Chapter 190 Creates the crime of aggravated identity theft if a person knowingly takes, purchases, manufactures, records, possesses or uses personal identifying information of either: five or more persons or entities or a person or entity and causes a loss to a person/entity of $3,000 or more. Provides that proof of possession of the personal/entity identifying information of five or more persons/entities out of the course of regular business may give rise to an inference that the information was possessed for an unlawful purpose. Makes aggravated identity theft a Class 3 felony. Creates the crime of trafficking in the identity of another person or entity if a person knowingly sells, transfers or transmits personal/entity identifying information (real or fictitious) for an unlawful purpose or to cause loss, whether the person or entity actually suffers any economic loss. Makes trafficking in the identity of a person or entity a Class 2 felony. Exempts a violation of A.R.S. 4-241 by a person under 21 years of age from the penalties associated with identity theft (Class 4 felony), aggravated identity theft (Class 3 felony) and trafficking in the identity of another person (Class 2 felony). A.R.S. § 4-241 makes it a Class 1 misdemeanor if a person under 21 years old uses a fraudulent piece of identification to gain access to an establishment licensed to sell liquor. |
|
| S.B. 1447 Signed by governor 4/18/05, Chapter 114 Prohibits a person from soliciting identifying information by representing that they are from an on-line business when they are not approved to do so by the on-line business. Defines pertinent terms. Prohibits any person from using a web page or electronic mail message to request identifying information by representing itself as an on-line business without the authority or approval of the on-line business. Allows the attorney general, a person engaged in the business of providing Internet access service to the public, or a person who owns a Web page or trademark that is adversely affected by a violation to bring action as follows: A) To enjoin further violations. B) To recover the greater of actual damages or $500,000 for each violation. C) Permits the attorney general to also recover reasonable attorney fees and costs. Stipulates that if the court determines there is a pattern of violations, the court may increase the damage award to not more than three times the amount otherwise outlined. Prescribes that multiple violations resulting from one act shall constitute a single violation. Classifies a violation as a Class 5 felony (1.5 years / $150,000). |
|
| Arkansas | H.B. 1354 Signed by governor 2/25/05, Act 280 Clarifies that the offense of financial identity fraud pertains to the use of identifying information to open or create an account or financial resource. |
| H.B. 1740 Signed by governor 3/10/05, Act 744 Provides for the issuance of an identity theft passport by the attorney general to victims of financial identity fraud. |
|
| H.B. 2094 Signed by governor 3/21/05, Act 968 Prohibits persons convicted of financial identity fraud from being eligible to work with the developmentally disabled. |
|
| H.B. 2904 Signed by governor 4/15/05, Act 2255 Protects consumers from improper use of computer spyware. |
|
| California | A.B. 988 Signed by governor 7/18/05, Chapter 53 Existing law specifies various offenses for purposes of defining criminal profiteering activity, and patterns of criminal profiteering activity. Existing law also provides for the forfeiture of specified assets for persons who engage in a pattern of criminal profiteering activity, upon conviction of an underlying offense, as specified. This bill adds to those specified offenses, the offense of theft of personal identifying information, as specified. |
| A.B. 1566 Signed by governor 9/30/05, Chapter 432 Existing law provides that every person who, with the intent to defraud, acquires, transfers, or retains possession of the personal identifying information of another person is punishable by imprisonment in a county jail for a period not to exceed one year, or a fine not to exceed $1,000, or by both that imprisonment and fine. Provides that a violation of these provisions with respect to the personal identifying information of a person who is either a member of the armed forces, or is a member of the armed forces reserve or the National Guard, who has been called to active duty or active service and is deployed to a location outside of the state, as specified, is punishable by imprisonment in a county jail for one year, a fine not to exceed $1,500, or by both that imprisonment and fine. |
|
| S.B. 355 Signed by governor 9/30/05, Chapter 437 Enacts the Anti-Phishing Act of 2005. Makes it unlawful for any person, through the Internet or other electronic means, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the approval or authority of the business. Provides certain civil remedies and civil penalties for a violation in that regard. |
|
| S.B. 444 Signed by governor 10/4/05, Chapter 482 Adds various crimes relating to identity theft, and the manufacture and sale of false identification and access cards to those offenses which if committed by members of the criminal street gang establish a pattern of criminal gang activity for purposes of these provisions, however, such a pattern would not be established by commission of one or more of these offenses alone, in addition, an offense already listed in existing law would also have to have been committed. |
|
| S.B. 460 Signed by governor 9/22/05, Chapter 259 Existing law prohibits offenders who are confined in county facilities, or the Department of Corrections for specified offenses, from performing work that would give them access to the personal information of private persons, as specified. This bill precludes any offender confined in a county facility, or the Department of Corrections from gaining access to personal information, as specified. |
|
| Colorado | H.B. 1347 Signed by governor 6/1/05, Chapter 218 Concerns criminal penalties for the use of electronic devices for the purpose of identity theft. |
| Connecticut | H.B. 6831 Signed by governor 6/2/05, Public Act 05-62 Specifically provides that the state statutes concerning financial privacy do not prevent 1) the disclosure of information to information networks accessed by financial institutions, other commercial enterprises and law enforcement authorities for the purpose of detecting or preventing against fraud, and 2) disclosures made to a victim of identity theft pursuant to the federal Fair Credit Reporting Act. |
| Delaware | S.B. 50 Signed by governor 7/12/05, Chapter 162 Provides that a person is guilty of the crime of possession of burglar’s tools or instruments facilitating theft when the person possesses any tool, instrument, or other thing adapted, designed, or commonly used for committing or facilitating the offense of identity theft, such as a credit card, driver license or other document issued in a name other than the name of the person who possesses the document. |
| Florida | H.B. 481 Signed by governor 6/14/05, Chapter 229 S.B. 284 Laid on table 5/3/05 Relates to the unlawful use of personal identification information; includes other information within the definition of the term “personal identification information”; defines the term “counterfeit or fictitious personal identification information”; revises criminal penalties regarding the offense of fraudulently using, or possessing with intent to fraudulently use, said information; requires business persons maintaining computerized data that includes personal information to provide notice of breaches of system security. |
| Georgia | S.B. 127 Signed by governor 5/10/05, Act 389 Relates to forgery and fraudulent practices, so as to enact the “Georgia Computer Security Act of 2005.” Prohibits certain deceptive acts and practices with regard to computers; requires certain notices be given prior to certain software or programs being loaded onto certain computers; requires certain functions be available in certain software; provides for certain exceptions; provides for civil and criminal penalties; provides for recovery of certain damages. |
| Hawaii | S.B. 1170 Signed by governor 5/19/05, Act 65 Establishes a Hawaii Anti-Phishing Task Force to review other jurisdictions’ activities on curtailing electronic commerce criminal activities. Requires the task force to submit a report and make recommendations prior to the 2006 regular session. |
| Idaho | S.B. 1156 Signed by governor 3/31/05, Chapter 219 Amends existing law to provide that it is unlawful for any person to falsely assume or pretend to be a member of the armed forces of the United States or an officer or employee acting under authority of the United States or any department, agency or office thereof or of the state of Idaho or any department, agency or office thereof, and in such pretended character, seek, demand, obtain or attempt personal identifying information of another person; and provides felony penalties for such action. |
| Illinois | H.B. 265 Signed by governor 7/19/05, Public Act 94-0245 Amends the Use of Credit Information in Personal Insurance Act. Defines extraordinary life events to include identity theft. |
| H.B. 457 Signed by governor 7/19/05, Public Act 94-0253 Provides that a prosecution for identity theft or aggravated identity theft may be commenced at any time (rather than within one year and six months after the commission of the offense if it is misdemeanor identity theft and within three years after commission of the offense if it is felony identity theft or aggravated identity theft). |
|
| H.B. 1088 Signed by governor 12/5/05, Public Act 94-0701 Amends the Illinois Identification Card Act. Provides that a person convicted of certain fraudulent ID card violations when there are aggravating circumstances is guilty of a Class 3 felony (now, Class 4 felony) and for a second or subsequent violation is guilty of a Class 2 felony (now, Class 3 felony). |
|
| H.B. 2696 Signed by governor 6/16/05, Public Act 94-0037 Provides that it is an unlawful practice for a person to deny credit or public utility service to or reduce the credit limit of a consumer solely because the consumer has been a victim of identity theft, if the consumer i) has provided a copy of an identity theft report as defined under the federal Fair Credit Reporting Act and implementing regulations (instead of a police report) evidencing the consumer’s claim of identity theft; ii) has provide d a properly completed copy of a standardized affidavit of identity theft or an affidavit of fact that is acceptable to the person for that purpose; iii) has obtained placement of an extended fraud alert in his or her file maintained by a nationwide consumer reporting agency, in accordance with the requirements of the federal Fair Credit Reporting Act; and iv) is able to establish his or her identity and address to the satisfaction of the person providing credit or utility services. |
|
| H.B. 2697 Signed by governor 6/16/05, Public Act 94-0038 Amends the Criminal Code of 1961. Provides that a person who is not a party to a transaction that involves the use of a financial transaction device may not secretly or surreptitiously photograph, or otherwise capture or record, electronically or by any other means, or distribute, disseminate, or transmit, electronically or by any other means, personal identifying information from the transaction without the consent of the person whose information is photographed, or otherwise captured, recorded, distributed, disseminated, or transmitted. Provides that a violation is a Class A misdemeanor. |
|
| H.B. 2699 Signed by governor 6/16/05, Public Act 94-0039 Amends the Criminal Code of 1961. Increases the penalties for identity theft and aggravated identity theft by one class higher than the current law. |
|
| H.B. 2700 Signed by governor 6/17/05, Public Act 94-0051 Amends the Criminal Code of 1961. Provides that a person who commits the offense of identity theft or aggravated identity theft may be tried in any one of the following counties in which: 1) the offense occurred; 2) the information used to commit the offense was illegally used; or 3) the victim resides. Provides that if a person is charged with more than one violation of identity theft or aggravated identity theft and those violations may be tried in more than one county, any of those counties is a proper venue for all of the violations. |
|
| Iowa | H.F. 614 Signed by governor 5/3/05 Protects owners and operators of computers from the use of spyware and malware that is deceptively or surreptitiously installed on the owner’s or the operator’s computer. |
| S.F. 270 Signed by governor 4/6/05 Relates to identity theft including criminal violations and damages recoverable in a civil action, provides forforfeiture of property and for certain rights of financial institutions, and provides for civil remedies. |
|
| Kansas | H.B. 2087 Signed by governor 4/13/05 Changes the definition of identity theft from someone who uses personal identification to knowingly and intentionally defraud a person for economic benefit, to a person receiving any benefit from using someone else’s personal identification. Establishes identity theft for economic benefit as a severity level 7 person felony, and identity theft for non-economic benefit as a class A non-person misdemeanor under Kansas criminal code. |
| Maine | L.D. 581 Signed by governor 5/26/05, Chapter 243 Prohibits a consumer reporting agency from furnishing a consumer report or disclosing information about a consumer unless the consumer has authorized the disclosure if the consumer has given a copy of a police report to the consumer reporting agency that was prepared by a law enforcement agency in an investigation of identity theft involving the consumer. |
| Maryland | H.B. 800 Signed by governor 5/26/05, Chapter 579 Requires a local law enforcement agency, after being contacted by a person who knows or reasonably suspects that the person is a victim of identity fraud, to promptly prepare and file a report of the alleged identity fraud and provide a copy of the report to the victim. |
| H.B. 818 Signed by governor 4/26/05, Chapter 241 Establishes a Task Force to Study Identity Theft; specifies the membership and duties of the Task Force; provides for the appointment of a Senate co-chairman and House co-chairman of the Task Force; provides for the staffing of the Task Force; prohibits a member of the Task Force from receiving compensation for serving on the Task Force; authorizes a member of the Task Force to receive reimbursement; requires a report to the General Assembly by December 31, 2006. |
|
| S.B. 43 Signed by governor 4/23/05, Chapter 242 Establishes a Task Force to Study Identity Theft; specifies the membership and duties of the Task Force; provides for the appointment of a Senate co-chairman and House co-chairman of the Task Force; provides for the staffing of the Task Force; prohibits a member of the Task Force from receiving compensation for serving on the Task Force; authorizes a member of the Task Force to receive reimbursement for specified expenses; requires a report to the General Assembly on or before December 31, 2006. |
|
| Montana | H.B. 110 Signed by governor 3/24/05, Chapter 55 Creates an identity theft passport program. |
| H.B. 732 Signed by governor 4/28/05, Chapter 518 Adopts and revises laws to implement individual privacy and to prevent identity theft; requires a consumer reporting agency to block or expunge information on a report that results from a theft of identity; provides privacy protection provisions for credit card solicitations and renewals and telephone accounts; provides privacy protection for business records by requiring destruction of records; requires businesses to report a breach of computer security; requires a business that has an established business relationship with a customer and that has disclosed certain personal information to third parties to report that information to the customer; providing remedies and penalties for violation. |
|
| S.J.R. 38 Passed both houses 4/19/05 Requests the Legislative Council to designate an appropriate interim committee or direct sufficient staff resources to study issues related to identity theft, including jurisdictional issues regarding federal and state authority, the prosecution of internet crimes, the role of credit reports and credit reporting agencies, the role of education for businesses and consumers, victim restitution, sales of personal information by third parties and direct marketing firms, and other identity theft issues raised during the study. |
|
| Nevada | A.B. 1, Special Session Signed by governor 6/17/05, Chapter 6 Changes the effective date for A.B. 334 and amends the definition of personal information in S.B. 347. |
| S.B. 304 Signed by governor 6/8/05, Chapter 321 Authorizes the attorney general to issue identity theft passports to victims of identity theft; prescribes the manner in which victims of identity theft may use such passports; requires the attorney general to adopt regulations relating to the issuance of identity theft passports; authorizes the attorney general to accept gifts, grants and donations to carry out the provisions relating to the issuance of identity theft passports; makes an appropriation. |
|
| S.B. 347 Signed by governor 6/17/05, Chapter 485 Relates to personal identifying information; prohibits the establishment or possession of a financial forgery laboratory; enhances the penalties for crimes involving personal identifying information that are committed against older persons and vulnerable persons; requires the issuer of a credit card to provide a notice including certain information concerning its policies regarding identity theft and the rights of cardholders when issuing a credit card to a cardholder; requires data collectors to provide notification concerning any breach of security involving system data; making various other changes concerning personal identifying information; provides penalties; and provides other matters properly relating thereto. |
|
| New Jersey | A.B. 2768 Signed by governor 9/22/05, Chapter 224 Expands the current laws concerning identity theft and the sale of simulated documents by prohibiting the sale, manufacture, possession and exhibition of a false birth certificate and also by prohibiting using a false birth certificate to obtain a government document which could be used for verifying a person’s identity. |
| A.B. 4001 Signed by governor 9/22/05, Chapter 226 S.B. 1914 Substituted 6/23/05 S.B. 2665 Allows victims of identity theft to obtain an official incident record from their local law enforcement agency if the victim has learned or reasonably suspects that he has been a victim of identity theft. The victim may contact their local law enforcement agency to make a complaint and provide the victim with a police report. Establishes a procedure whereby a victim of identity theft could obtain a factual determination of innocence and access a statewide identity theft registry. After an order has been issued, the court may order that the name and personal identifying information of the victim contained in court records, files and indexes be deleted, sealed or labeled to show that the data is impersonated and does not reflect the defendant’s identity. Requires the Administrative Office of the Courts (AOC) to establish and maintain a data base of persons who have been victims of identity theft and that have received determinations of factual innocence. Access to the database would be limited to criminal justice agencies, victims of identity theft and any other persons and agencies authorized by the victims. The AOC would also be required to establish a toll-free number to provide access information to victims of identity theft. Amends and supplements the “New Jersey Fair Credit Reporting Act,” to require that a consumer reporting agency place a security freeze on a consumer credit report within five business days of receiving a request to do so either in writing by certified mail or by a telephone request with certain accompanying personal identifying information; or within three business days of receiving a secure electronic mail request, and prohibits the release of information from the report while the freeze is in place, except as provided by the bill. Provides that the consumer reporting agency shall provide notice to a consumer of the availability and mechanics of the security freeze in a notice, the form of which is provided in the bill, at any time a consumer is required to receive a summary of rights under section 609 of the federal “Fair Credit Reporting Act.” Requires a consumer reporting agency to provide a consumer with an identification number to be used for temporarily lifting a freeze upon a consumer credit report or authorizing the subsequent release of information from a consumer credit report that is subject to a security freeze. Further, the bill stipulates that a security freeze shall remain in place until either the consumer requests to have the security freeze removed, or upon discovery by the consumer reporting agency that the consumer’s credit report was frozen due to a material misrepresentation by the consumer. Also, if a third party requests access to a consumer credit report on which a security freeze is in effect, and this request is in connection with an application for credit or any other benefit, and the consumer does not allow the report to be accessed, the third party may treat the application as incomplete. A consumer reporting agency that negligently or willfully violates the security freeze sections of the bill shall notify the consumer of the misconduct within five business days and may be subject to civil and injunctive penalties. Any data collector that owns or uses personal information concerning a New Jersey resident shall notify the resident that there has been a security breach related to the data following discovery or notification of the breach. The disclosure notifications shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement. The disclosure may be delayed, however, if a law enforcement agency determines that notification will impede a criminal investigation. Any data collector that maintains computerized data that includes personal information that the data collector does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery. Any individual injured by a violation of the security breach section of the bill may institute a civil action to recover damages or injunctive relief. Requires any business that conducts business in New Jersey and any business that maintains or otherwise possesses personal information of New Jersey residents must take all reasonable measures to protect against unauthorized access to or use of that information in connection with or after its disposal. Further, the procedures used in the destruction and disposal of the personal records must be comprehensively described and classified as official policy in the writings of the business entity. A violation of the destruction of records provisions of the bill shall be punishable by a civil penalty not to exceed $3,000 for each violation, injunctive relief and actual damages, costs and reasonable attorney’s fees. Prohibits any person, including a public or private entity from: (1) intentionally communicating or otherwise making available to the public an individual’s Social Security number; (2) printing an individual’s Social Security number on any card required for the individual to access products or services provided by the person; (3) requiring an individual to transmit his Social Security number over the Internet, unless the connection is secure or the Social Security number is encrypted; (4) requiring an individual to use his Social Security number to access an Internet Web site, unless a password or unique personal identification number or other authentication device is also required to access the Internet Web site; (5) printing an individual’s Social Security number on any materials that are mailed to the individual, unless State or federal law requires the Social Security number to be on the document to be mailed; (6) selling, leasing, loaning, trading, renting, or otherwise disclosing an individual’s Social Security number to a third party for any purpose without written consent to the disclosure from the individual; or (7) refusing to do business with an individual because the individual will not consent to the receipt by that person of the Social Security number of that individual, unless that person is expressly required under State or federal law, in connection with doing business with an individual, to submit to the state or federal government, as applicable, that individual’s Social Security number. Unauthorized use of a Social Security number is punishable by a $3,000 fine for a negligent violation, and a $5,000 fine or up to 15 days imprisonment, or both, for knowingly violating this section. An aggrieved individual may recover actual damages or $5,000, whichever is greater, plus reasonable attorney’s fees and court costs. |
|
| New Mexico | S.B. 720 Signed by governor 4/7/05, Chapter 296 Creates a new criminal offense known as obtaining identity by electronic fraud; increases a penalty. |
| North Carolina | H.B. 1248 Passed House 5/23/05 S.B. 1048 Signed by governor 9/21/05, Session Law 414 Enacts the Identity Theft Protection Act of 2005, including consumer report security freezes and protections for Social Security numbers. |
| North Dakota | H.B. 1211 Signed by governor 3/30/05 Relates to unauthorized use of personal identifying information of a deceased individual; and provides a penalty. |
| H.B. 1500 Signed by governor 4/22/05 Provides for protection of victims of identity fraud; and provides a penalty. |
|
| H.C.R. 3042 Passed both houses 4/4/05 Directs the Legislative Council to study the laws of this state and other states as they relate to the unauthorized acquisition, theft, and misuse of personal identifying information belonging to another individual. |
|
| S.B. 2251 Signed by governor 4/22/05 Relates to requiring disclosure to consumers of a breach in security by businesses maintaining personal information in electronic form; relates to the unauthorized use of personal identifying information, penalties, and prosecution of offenses in multiple counties; jurisdiction in offenses involving conduct outside this state; and provides a penalty. |
|
| Ohio | H.B. 48 Signed by governor 6/14/05, Session Law 22 Increases the penalty for identity fraud in certain circumstances, including when it is committed against an elderly person or disabled adult, modifies the affirmative defenses available for that offense, and creates the Identity Fraud Passport. |
| Rhode Island | H.B. 6191 Effective without governor’s signature 7/10/05, Public Law 225 Creates the “Rhode Island Identity Theft Protection Act of 2005”, and establishes standards for such protection, and provides for penalties for violations of the act. |
| Texas | H.B. 982 Signed by governor 5/27/05 Relates to posting a sign warning restaurant or bar employees against fraudulent use or possession of identifying information; provides a criminal penalty. |
| H.B. 1098 Signed by governor 6/17/05, Chapter 544 S.B. 326 Relates to using the Internet to obtain identifying information of another person for a fraudulent purpose; provides penalties. |
|
| H.B. 1321 Tabled 5/12/05 S.B. 122 Signed by governor 6/17/05 Amends the Code of Criminal Procedure by requiring that a peace officer to whom an alleged violation of identity theft is reported make a written report that includes the name of the victim, suspect, if known, type of identifying information obtained, possessed, transferred, or used, and the results of the investigation. Sets forth provisions for prevention and punishment of identity theft and assistance to certain victims of identity theft. Imposes a civil penalty of at least $2,000 but not more than $50,000 for each identity theft violation and authorizes the attorney general to bring an action in the name of the state against the person to restrain the violation by a temporary restraining order or a permanent or temporary injunction. Gives the attorney general the option to file in a district court in Travis County or in any county in which the offense occurred or where the victim lives. Authorizes the attorney general to recover reasonable expenses incurred in obtaining injunctive relief and civil penalties. Penalties collected by the attorney general under this section would be required to be deposited into the General Revenue Fund and could be appropriated only for the investigation and prosecution of other cases under Chapter 48 of the Code of Criminal Procedure. Sets out that no bond is required and gives the court authority to grant other equitable relief to protect victims. Gives a victim the option to file an application with the district court for the issuance of a court order to declare them a victim of identity theft. Information contained in the court order would be considered confidential. |
|
| H.B. 1379 Signed by governor 6/18/05, Chapter 1059 Makes communications by a seller of goods or services to a member of a law enforcement agency regarding an investigation of an identity theft violation inadmissible in a civil action. |
|
| H.B. 1430 S.B. 327 Signed by governor 6/17/05, Chapter 298 Prohibits the unauthorized collection or transmission of personally identifiable information, including Social Security number and credit card numbers, unauthorized transmission or modifications of computer settings, unauthorized interference with installation or disabling of computer software, damage, or any other deceptive act to obtain information from a consumer’s computer. Provides the attorney general authority to bring suit to seek injunctive relief and recover civil penalties of an amount not to exceed $100,000 for each violation of this statute as well as reasonable attorneys fees and costs. In addition, the bill adds a definition for “cause computer software to be copied;” provides clean up language to incorporate this definition; and adds additional provisions to protect consumers. The bill also adds additional provisions for private causes of action. |
|
| H.B. 2013 Tabled 5/5/05 H.B. 3212 S.B. 99 Signed by governor 5/20/05 Prohibits a lender or any other person involved in a transaction from denying credit or loans or restricting or limiting the credit extended to a person based on the person being a victim of identity theft. Provides victims of identity theft with another tool to mend their credit histories and bring state law in line with the Federal Equal Credit Opportunity Act, which prohibits creditors from discriminating against credit applicants who exercise their rights, in good faith, under the Fair Credit Billing Act. |
|
| Utah | S.B. 118 Signed by governor 3/11/05, Chapter 101 Includes the personal identifying information of persons who are deceased in the statute that prohibits the use of identifying information to commit identity fraud crimes. |
| Virginia | H.B. 2471 Signed by governor 3/26/05, Chapter 827 S.B. 1163 Signed by governor 3/26/05, Chapter 761 Updates the Virginia Computer Crimes Act to include recommendations made by the 2004 joint study on Computer Crimes by the Joint Commission on Technology and Science and Virginia State Crime Commission. Modernizes definitions of “computer”, “using a computer” and “without authority” to comport with changing technology. Revises provisions regarding computer trespass, a Class 1 misdemeanor, unless the damage to the property of another is $1,000 ($2,500 under current law) or more, in which case it is a Class 6 felony. Provisions regarding computer invasion of privacy are rewritten to include unauthorized gathering of identifying information and Class 6 penalties added for persons with previous convictions, selling or distributing the information to another or using the information in the commission of another crime. Adds as a new Class 6 felony using a computer to fraudulently gather identifying information of another (phishing), unless the information is sold or distributed to another or the information is used in the commission of another crime, in which case it is a Class 5 felony. Statute of limitation and venue provisions are relocated in the Code. |
| H.B. 2631 Signed by governor 3/26/05, Chapter 837 Revises provisions in the Virginia Computer Crimes Act relating to computer fraud and redefines computer invasion of privacy by including the unauthorized gathering of identifying information and punishes subsequent offenses and transferring the information to another or use of the information in the commission of another crime as a Class 6 felony. Currently, the offense is punishable as a Class 1 misdemeanor. Additionally, the fraudulent gathering of such information is punished as a Class 6 felony, a new crime, and transferring the information to another or use of the information in the commission of another crime is a Class 5 felony. |
|
| S.B. 1147 Signed by governor 3/26/05, Chapter 760 Makes it a Class 6 felony to fraudulently obtain, record, or access from a computer the following identifying information of another: (i) social security number; (ii) driver’s license number; (iii) bank account numbers; (iv) credit or debit card numbers; (v) personal identification numbers (PIN); (vi) electronic identification codes; (vii) automated or electronic signatures; (viii) biometric data; (ix) fingerprints; (x) passwords; or (xi) any other numbers or information that can be used to access a person’s financial resources, obtain identification, act as identification, or obtain goods or services. Any person who sells or distributes such information or uses it to commit another crime is guilty of a Class 5 felony. |
|
| Washington | H.B. 1012 Signed by governor 5/17/05, Chapter 500 Declares that it is unlawful for a person who is not an owner or operator to transmit computer software to the owner or operator’s computer with actual knowledge or with conscious avoidance of actual knowledge and to use such software to do any of the following: (1) Modify, through intentionally deceptive means, settings that control any of the following: (a) The page that appears when an owner or operator launches an Internet browser or similar computer software used to access and navigate the Internet; (b) the default provider or web proxy the owner or operator uses to access or search the Internet; and (c) the owner or operator’s list of bookmarks used to access web pages; (2) Collect, through intentionally deceptive means, personally identifiable information: (a) Through the use of a keystroke-logging function that records all keystrokes made by an owner or operator and transfers that information from the computer to another person; (b) in a manner that correlates such information with data respecting all or substantially all of the Web sites visited by an owner or operator, other than Web sites operated by the person collecting such information; and (c) described in section 1(10) (d), (e), or (f)(i) or (ii) of this act by extracting the information from the owner or operator’s hard drive; (3) Prevent, through intentionally deceptive means, an owner or operator’s reasonable efforts to block the installation or execution of, or to disable, computer software by causing the software that the owner or operator has properly removed or disabled automatically to reinstall or reactivate on the computer; (4) Intentionally misrepresent that computer software will be uninstalled or disabled by an owner or operator’s action; and (5) Through intentionally deceptive means, remove, disable, or render inoperative security, antispyware, or antivirus computer software installed on the computer. Declares that it is unlawful for a person who is not an owner or operator to transmit computer software to the owner or operator’s computer with actual knowledge or with conscious avoidance of actual knowledge and to use the software to do any of the following: (1) Take control of the computer by: (a) Accessing or using the modem or internet service for such computer to cause damage to the computer or cause an owner or operator to incur financial charges for a service that is not authorized by the owner or operator; (b) opening multiple, sequential, stand-alone advertisements in the owner or operator’s Internet browser without the authorization of an owner or operator and that a reasonable computer user cannot close without turning off the computer or closing the internet browser; (2) Modify any of the following settings related to the computer’s access to, or use of, the Internet: (a) Settings that protect information about the owner or operator in order to steal the owner or operator’s personally identifiable information; and (b) security settings in order to cause damage to a computer; and (3) Prevent an owner or operator’s reasonable efforts to block the installation of, or to disable, computer software by doing any of the following: (a) Presenting the owner or operator with an option to decline installation of computer software with knowledge that, when the option is selected, the installation nevertheless proceeds; and (b) falsely representing that computer software has been disabled. Declares that it is unlawful for a person who is not an owner or operator to do any of the following with regard to the owner or operator’s computer: (1) Induce an owner or operator to install a computer software component onto the computer by intentionally misrepresenting the extent to which installing the software is necessary for security or privacy reasons or in order to open, view, or play a particular type of content; and (2) Deceptively cause the execution on the computer of a computer software component with the intent of causing an owner or operator to use the component in a manner that violates any other provision of this act. Authorizes a person who is injured under this act to bring a civil action in the superior court to enjoin further violations, or to seek up to $1,000 per violation, or actual damages, whichever is greater. The injured individuals may not bring their cause of action as a class action. Nothing in this section prohibits the attorney general from bringing a class action suit under chapter 19.86 RCW. Provides that, in an action under this act, a court may increase the damages up to three times the damages allowed if the defendant has engaged in a pattern and practice of violating this act. The court may also award costs and reasonable attorneys’ fees to the prevailing party. Declares an intent that this act is a matter of statewide concern. This act supersedes and preempts all rules, regulations, codes, ordinances, and other laws adopted by a city, county, city and county, municipality, or local agency regarding spyware and notices to consumers from computer software providers regarding information collection. |
| H.B. 1888 Signed by governor 3/10/05, Chapter 378 Prohibits a person from soliciting, requesting, or taking any action to induce another person to provide personally identifying information by means of a Web page, electronic mail message, or otherwise using the Internet by representing oneself, either directly or by implication, to be a business or individual, without the authority or approval of such business or individual. Defines “personally identifiable information” as any of the following types of information: 1) Social Security number; 2) driver’s license number; 3) bank account number; 4) credit or debit card number; 5) personal identification number; 6) automated or electronic signature; 7) unique biometric data; 8) account passwords; or 9) any other piece of information that can be used to access an individual’s financial accounts or to obtain goods or services. Allows an injured person to bring a civil action against a person or entity that directly violates these provisions and seek damages of up to $500 per violation, or actual damages, whichever is greater. Allows an Internet Service Provider, an owner of a Web page, or a trademark owner to bring a civil action against a person or entity that directly violates these provisions and seek to enjoin further violations, and may also recover $5,000 per violation, or actual damages, whichever is greater. In addition, the court may increase the damage award up to three times (up to $15,000) if the defendant has engaged in a pattern and practice of engaging in the prohibited activities. The court may also award costs and reasonable attorneys’ fees to the prevailing party. A violation of these provisions is defined as an unfair or deceptive act for purposes of applying the Consumer Protection Act. |
|
| S.B. 5939 Signed by governor 5/10/05, Chapter 366 Requires police and sheriff’s departments to provide a police report or original incident report at the request of any consumer claiming to be a victim of identity theft. |
Leave a Reply