Identity theft has been described as the use of one person’s identity by another to commit fraud. See Remsburg v. Docusearch, Inc. (2003) 149 N.H. 148, 155, 816 A.2d 1001, 1007. This case was about an individual seeking personal information (e.g., date-of-birth, social security number, work address) about someone else from an internet-based investigation and information service company. Unfortunately, the culprit, who obtained the personal information, located and fatally shot the victim as she left work. Thereafter, the victim’s mother sued the defendants for negligence, invasion of privacy, and violation of the state consumer protection act. In response, the federal court issued an order of certification and outlined the following factual questions to be determined by the state Supreme Court:
(1) Under the common law of New Hampshire and in light of the undisputed facts presented by this case, does a private investigator or information broker who sells information to a client pertaining to a third party have a cognizable legal duty to that third party with respect to the sale of the information?
(2) If a private investigator or information broker obtains a person’s social security number from a credit reporting agency as a part of a credit header without the person’s knowledge or permission and sells the social security number to a client, does the individual whose social security number was sold have a cause of action for intrusion upon her seclusion against the private investigator or information broker for damages caused by the sale of the information?
(3) When a private investigator or information broker obtains a person’s work address by means of a pre-textual telephone call and sells the work address to a client, does the individual whose work address was deceitfully obtained have a cause of action for intrusion upon her seclusion against the private investigator or information broker for damages caused by the sale of the information?
(4) If a private investigator or information broker obtains a social security number from a credit reporting agency as a part of a credit header, or a work address by means of a pretextual telephone call, and then sells the information, does the individual whose social security number or work address was sold have a cause of action for commercial appropriation against the private investigator or information broker for damages caused by the sale of the information?
(5) If a private investigator or information broker obtains a person’s work address by means of a pre-textual telephone call, and then sells the information, is the private investigator or information broker liable under N.H. Rev. Stat. Ann. § 358-A to the person it deceived for damages caused by the sale of the information?
In the past years, the disclosure risk of personal information has substantially increased in all sectors. So, the states have passed legislation to protect their citizens. For example, in California, Penal Code § 530.5 states that:
Every person who willfully obtains personal identifying information, as defined in subdivision (b) of § 530.55, of another person, and uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services, real property, or medical information without the consent of that person, is guilty of a public offense, and upon conviction therefor, shall be punished by a fine, by imprisonment in a county jail not to exceed one year, or by both a fine and imprisonment, or by imprisonment in the state prison.
California Penal Code § 1202.4 provides for restitution by authorizing the courts to order a defendant to pay: (1) a restitution fine; and (2) restitution to the victim which is enforceable as if the order was a civil judgment.
The types of personal information that are subject to protection include the victim’s name, social security number, taxpayer identification number, driver’s license number, passport number, address, or phone number. Financial information (e.g., bank account information, credit card numbers) is subject to protection. Moreover, biometric information (e.g., fingerprints, voiceprints, retina images) is also subject to protection.
Thus far, Congress has passed two laws to prevent identity theft:
- Identity Theft and Assumption Deterrence Act: It amended 18 U.S.C. Section 1028 and made it a federal crime to knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit … an illegal act that constitutes a violation of federal law or a felony under any state or local law.
- Identity Theft Penalty Enhancement Act: It established penalties for “aggravated” identity theft, which is using the identity of another individual to commit felony crimes (e.g., immigration violations, social security benefit thefts, domestic terrorism). This law requires the court to sentence two more years for a general offense and five years for a terrorism offense.
We work with clients regarding internet, technology, and computer laws. Please feel free to contact our law firm to speak with an attorney who has knowledge about identity theft laws.