BILL ANALYSIS
By: Giddings
BACKGROUND AND PURPOSE
Current laws addressing identity theft are woefully inadequate and the rights of victims of this crime are not clearly defined. It is necessary to improve prevention of identity theft and to more appropriately respond to cases that do arise.
RULEMAKING AUTHORITY
It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.
ANALYSIS
The bill amends the Code of Criminal Procedure to require that a peace officer must make a written report containing the relevant details of a case of fraudulent use or possession of identifying information and requires the peace officer to provide a copy of that report--censored, if necessary to prevent dissemination of confidential information--to the victim if the victim requests a copy of the report.
The bill also amends the Business & Commerce Code to establish the AIdentity Theft Enforcement and Protection Act@ (ITEPA).
The bill declares that a person may not obtain, possess, transfer, or use personal identifying information of another person without the other person=s consent and with intent to obtain a good, service, insurance, an extension of credit, or any other thing of value in the other person=s name.
The bill establishes a business= duty to protect and safeguard the personal identifying information of its customers.
The bill establishes a victim=s right to information--within 10 business days--from a business that was a party to a fraudulent transaction by giving to the victim copies of relevant applications or transaction information related to the offense, including the personal identifying information that the unauthorized offender used to engage in the transaction or to complete the application. It provides that the victim must submit a signed and dated statement authorizing this disclosure for a stated period of time, specifying the law enforcement agency to which disclosure is authorized, identifying the types of information authorized to be disclosed, and authorizing the victim to revoke the authorization at any time.
The bill establishes a civil penalty of between $2,000 and $50,000 for each violation of fraudulent use or possession of identifying information, payable to the State. The Attorney General may bring suit to recover the civil penalty imposed. If it appears to the Attorney General that a person is engaging in, has engaged in, or is about to engage in conduct that violates this legislation=s provisions, the Attorney General may bring an action in the name of the State against the person to restrain the violation by a temporary restraining order or via a permanent or temporary injunction. It clarifies that venue in such cases is Travis County, any county in which the violation occurred, or in the county wherein the victim resides--regardless of whether the alleged violator has resided, worked, or done business in the county in which the victim resides.
The bill establishes a victim=s prerogative to obtain a court order declaring the victim to have been one of the crime of identity theft, regardless of whether the victim is able to identify each person who allegedly transferred or used the victim=s personal identifying information in an unlawful manner. The court=s order must contain, among other things, information identifying any financial account or transaction affected by the alleged violation or offense including the name of the financial institution with which the account exists, or the merchant involved in the transaction together with any relevant account numbers, the dollar amount of the account or transaction affected by the alleged violation or offense, and the date of the alleged violation or offense.
A court order of this type must be sealed due to the confidential nature of the information therein but may be opened and it, or a copy of same, be released only to the proper officials in a civil proceeding brought by or against the victim arising or resulting from a violation--including a proceeding to set aside a judgment obtained against the victim. It may also be released to the victim for the purpose of submitting the copy of the order to a governmental entity or to a business entity to prove that a particular transaction was a violation of this legislation and to correct any record of the entity which contains inaccurate or false information as a result of the violation or offense.
The bill declares that a violation of this provisions constitutes a deceptive trade practice, but goes on to clarify that good faith reliance on a consumer report by a financial institution is an affirmative defense to an action brought against the financial institution in a case arising pursuant to this legislation.
EFFECTIVE DATE
September 1, 2005.
The amendment directs a business, in protecting and safeguarding personal information collected by the business, to arrange for the destruction of personal identifying information not to be retained by the business by shredding, erasing or otherwise modifying the information to make it unreadable.