Identity Theft Laws

There are a number of federal and state laws that deal with identity theft.

• Federal
1. Credit
a. Fair Credit Reporting Act- establishes procedures for correcting errors on your credit report and requires that your records be requested for legitimate business needs only.
b. Fair Credit Billing Act- established procedures for correcting billing errors on credit card accounts and limits the cardholders responsibility for fraudulent charges
c. Fair Debt Collection Practice Act- prohibits debt collectors from using unfair or deceptive means to collect payment that is overdue
d. Electronic Funds Transfer Act- protects consumers when using a debit card and limits their liability for unauthorized electronic fund transfers.
2. Criminal
a. Identity Theft and Assumption Deterrence Act- defines identity theft and makes it a federal crime
b. Identity Theft Penalty Enhancement Act- establishes penalties for aggravated identity theft
3. Privacy and Information Security
a. Driver’s Privacy Protection Act of 1994- limits the record keeping of the DMV with regards to disclosures of personal information
b. Family Educational Rights and Privacy Act of 1974- limits the disclosure of educational records by agencies that receive federal funding
c. Gramm-Leach-Bliley Act- requires that federal agencies protect the privacy of consumers’ personal financial information
d. Health Information Portability and Accountability Act of 1996- requires all health care administrators protect the confidentiality of the patient

• State
1. Credit Information Blocking- Alabama, California, Colorado, Idaho, and Washington require that credit reporting agencies block false information from a victim’s credit report within 30 days of notification.
2. Criminals- Laws vary from state to state. Colorado, Vermont, and the U.S. Virgin Islands do not have specific laws regarding identity theft.
3. Fraud Alerts- Visit the website for the California Office of Privacy Protection to review their policies on fraud alert.
4. Social Security Numbers- In the state of Rhode Island, under R.I. Gen. Laws Section 6-13-17, no person may require a consumer of goods or services to disclose a social security number, unless required by federal law. This excludes insurance companies, health care or pharmaceutical companies, or credit card companies.

References
www.consumer.gov/idtheft
www.ou.edu/oupd/idtheft3a.htm#PREVENT7
www.bbbonline.org/idtheft/virtual.asp