Identity Theft

Background

In 2019, an estimated 14.4 million Americans were victims of identity fraud. Of these, 3.3 million had to pay at least some of the cost of the fraud. Several federal laws protect against identity theft and fraud, but there is no federal data breach law. Instead, each state has its own data breach law. Federal legal protections include providing consumer protections related to credit files compiled by the three major credit bureaus. For example, federal law provides consumers with the right to:

  • review their credit file from each major credit reporting agencies once a year for free;
  • correct inaccuracies in their credit files; and
  • place a fraud alert or a security freeze on each credit file.

The federal government does not require companies to notify consumers of data breaches involving consumers’ personal information. But all states and territories do require it for security breaches involving certain categories of information.

The Fair and Accurate Credit Transactions (FACT) Act of 2003 allows consumers to review their credit files from each of the three bureaus, correct inaccuracies in the files, and place a fraud alert when identity theft is suspected. In addition, the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018 allows all Americans to place a security freeze on their credit reports for free. It also requires the Federal Trade Commission to post a website with links to credit reporting agencies to request a freeze.

Both these federal laws preempt state laws. The FACT Act preempts state law in a number of areas, including the sharing of information among affiliated companies. The Economic Growth, Regulatory Relief, and Consumer Protection Act preempts state security freeze laws, including those that would limit who can gain access to an individual’s credit record while under a credit freeze.

As hackers have gotten more sophisticated, it has become more important to have robust systems for detecting fraud. One promising development is the use of artificial intelligence. This technology allows computers to review patterns in an individual’s spending habits and then flag deviations from expected behavior.

IDENTITY THEFT: Policy

IDENTITY THEFT: Policy

Identity Theft

Federal policymakers should strengthen protections and enforcement against identity theft. This includes increasing the security of information and databases of businesses that maintain extensive databases of consumer information, such as federally regulated financial institutions.

Policymakers should encourage the use of artificial intelligence (AI) to improve cybersecurity. They should continue to ensure access to products and services that utilize AI for legitimate users, including older adults.

State and local policymakers should strengthen protections against identity theft in areas in which they have jurisdiction. This includes enhanced penalties and enforcement.

State and local policymakers should provide greater resources and training for law enforcement personnel to improve their response to victims. They should also create and implement interjurisdictional programs to share information related to identity theft crimes and apprehend perpetrators.

Financial education programs should include training about the dangers of posting personally identifying information on social networking sites.