One of the keys to combating identity theft is having effective legislation for its prevention, detection and mitigation. Statutory measures alone are not, of course, a complete solution: also important are enforcement, sound policies and effective public and private sector practices. Comprehensive education and awareness programs, effective reporting mechanisms and prudent choices on the part of individuals are also part of the solution. However, a strong legal framework can also provide a foundation for tackling the problems associated with identity theft.
During the last decade, Canada, the U.S. and other countries have passed legislation that directly and indirectly pertain to identity theft. The U.S. has been especially proactive on this front. With time, legislative activity will increase as governments react to the increasingly pervasive and sophisticated nature of identity theft and respond to growing public awareness and demands for action.
Statutory measures applicable to identity theft fall into two groups: prevention measures, which aim to deter identity fraud; and enforcement measures, aimed at detection, prosecution and conviction of identity thieves and mitigation of the impact on victims. Some statutes specifically target identity fraud, while others have different stated objectives but in effect do address various aspects of the problem. The latter include statutes prohibiting business practices that facilitate identity theft, those instituting procedures for issuing government identification documents, and legislation related to privacy and information collection and management.
This Working Paper analyses existing and proposed statutory measures in Canada, the U.S., the U.K., Australia and France, which aim to prevent or reduce the prevalence of identity theft and deal with its aftermath. Supplementary Working Papers 3A, 3B, and 3C provide an annotated inventory of applicable legislation in each country, including proposed legislation in Canada and the U.S. Excerpts from relevant statutes are provided in appendices to these papers. Legislation and caselaw relating specifically to the disclosure of security breaches are reviewed separately in the CIPPIC White Paper, “Approaches to Security Breach Notification”.
These papers fill a gap in the literature on identity theft, in that they contain the first comprehensive review of Canadian legislation that can be used against identity theft, and the first comparative review of various countries’ identity theft statutes of which we are aware.
CONTENTS
1. INTRODUCTION
2. CANADA
2.1. INTRODUCTION
2.2. LEGISLATIVE AUTHORITY IN CANADA
3. ANALYSIS OF CANADIAN STATUTES
3.1. CRIMINAL CODE
- 3.1.1. Fraud, Forgery, Impersonation
3.1.2. Possession of personal information
3.1.3. Computer misuse
3.1.4. Sentencing
3.1.5. Fraudulent declaration to government agencies
3.2. PRIVACY: DATA PROTECTION
- 3.2.1. Collection, Retention, Use and Disclosure of Personal Information
3.2.2. Security measures
3.2.3. Access Controls
3.2.4. Notification of Security Breaches
3.2.5. Storage location
3.2.6. Enforcement
3.3. CONSUMER REPORTING AGENCIES
- 3.3.1. Consent clauses
3.3.2. Fraud Alerts
3.3.3. Consumer Explanations
3.3.4. Authentication
3.3.5. Notification
3.3.6. Right of Action
3.4. CONSUMER PROTECTION & DEBT COLLECTORS
- 3.4.1. Credit Card Issuance
3.4.2. Liability
3.4.3. Debt Collector Harassment
3.4.4. Right of action
3.5. STATUTES APPLICABLE TO IDENTITY DOCUMENTS
- 3.5.1. Social Insurance Numbers
3.5.2. Driver’s licences
3.5.3. Birth certificates
3.6. REAL ESTATE FRAUD
4. UNITED STATES
4.1. INTRODUCTION
4.2. FEDERAL STATUTES
- 4.2.1. Identity theft-specific legislation
- 4.2.1.1. Possession of personal information
4.2.1.2. Insider Abuse
4.2.1.3. Unlawful uses
4.2.1.4. Risk reduction
4.2.1.5. Aftermath
4.2.1.6. Sentencing
4.2.2. False Identification Statutes
4.2.3. Privacy and Personal Data Statutes
- 4.2.3.1. Collection, use and disclosure
4.2.3.2. Personal identifiers
4.2.3.3. Security
4.2.4. Credit Legislation
- 4.2.4.1. Disclosure
4.2.4.2. Aftermath
4.2.4.3. Rights of Action
4.2.5. General Legislation
4.2.6. Bills
4.3. CALIFORNIA
- 4.3.1. Identity theft offence
4.3.2. Notification of security breaches
4.3.3. Security freeze
4.3.4. Right to investigation
4.3.5. Right to business records
5. THE U.K, AUSTRALIA AND FRANCE
Download
PDF Ebook Legislative Approaches To Identity Theft: An Overview
