Alaska State Victim Resources:
Agencies that offer legal assistance to IDT victims:
Alaska Legal Services Corporation
Alaska State Victim Laws:
Security Freeze Law:
Alaska consumers will be allowed to place security freezes on their consumer credit reports to prevent new accounts from being opened in their names. Such a freeze enables the consumer to prevent anyone from looking at his/her credit file for the purpose of granting credit unless the consumer chooses to allow a particular business look at the information. To request a freeze, a consumer must request one in writing by certified mail or by telephone, fax, the Internet, or other electronic media if the credit reporting agency has developed procedures for consumers to do so.
The reporting agency must place the freeze within five business days after receiving the request, and within five days of placing the request, must send a written confirmation of the freeze and provide the consumer with a unique personal identification number or password to be used by the consumer when providing authorization for the release of his credit for a specific party or period of time. Requests for a temporary unlocking of the freeze must be completed within three business days if received by mail. If a consumer reporting agency offers the option to consumers to request a temporary unlocking of the freeze through Internet and telephonic methods, the freeze must be placed within 15 minutes after the consumer’s request is received by the agency during normal business hours.
Consumer reporting agencies may charge a fee of $5 to place the original security freeze, and $2 to temporarily unlock the freeze. However, victims of identity theft with a valid police report or investigative complaint may not be charged.
Mandatory Police Report Law for Identity Theft Victims:
A person who learns or reasonably suspects that he or she is the victim of financial identity fraud may contact the local law enforcement agency that has jurisdiction over his place of residence. The local law enforcement agency must take a police report of the matter, whether or not the agency has jurisdiction to investigate and prosecute a crime of financial identity fraud against the victim, and must provide the victim with a copy of the police report. The agency may refer the police report to a law enforcement agency with jurisdiction to investigate and prosecute a crime of financial identity fraud. A police report filed by a victim of financial identity fraud under this section is not required to be counted as an open case for purposes such as compiling open case statistics.
Identity Theft Passport Law:
No State law at this time.
Identity Theft Laws:
A person commits the crime of criminal impersonation if he possesses an access device or identification document of another person, and uses it without authorization to obtain a false identification document, open an account at a financial institution, obtain another access device, or obtain property or services, damaging the financial reputation of the other person.
An access device is defined as a card, credit card, plate, code, account number or identification number, including a Social Security number, electronic serial number or password, that is capable of being used, alone or in conjunction with another access device or identification document, to obtain property or services. An identification document means a paper, instrument, or other article used to establish the identity of a person, including a Social Security card, driver’s license, non-driver’s identification, birth certificate, passport, employee identification, or hunting or fishing license.
Criminal impersonation in the first degree is a class B felony, punishable by a maximum of ten years in prison and/or a fine up to $100,000. However, the presumptive sentence is one to three years for a first felony conviction, four to seven years for a second felony conviction, and six to ten years for a third or subsequent felony conviction.
A person commits the crime of criminal impersonation in the second degree if he assumes a false identity and acts in the assumed character with intent to defraud, commit a crime, or obtain a benefit to which the person is not entitled; or pretends to be a representative of some person or organization and acts in the pretended capacity with intent to defraud, commit a crime, or obtain a benefit to which the person is not entitled. Criminal impersonation in the second degree is a class A misdemeanor, punishable by up to one year in jail and/or a fine up to $10,000.
Other Related Laws:
A person commits the crime of fraudulent use of an access device, if with intent to defraud, he uses the device to obtain property or services with knowledge that the device is stolen or forged; it is expired, revoked, or cancelled; or for any other reason, that the use of the device is unauthorized by either the issuer or the person to whom it is issued. Fraudulent use of an access device is a class B felony if the value of the property or services obtained is $25,000 or more; a class C felony if the value of the property or services obtained is
$50 or more but less than $25,000; or a class A misdemeanor if the value of the property or services obtained is less than $50. A class C felony is punishable by up to five years in prison and/or a fine up to $50,000. However, the presumptive sentence is one to two years for a first felony conviction, two to four years for a second felony conviction, and three to five years for a third or subsequent felony conviction.
A person commits the crime of obtaining an access device or identification document by fraudulent means if he/she:
- Buys an access device or identification document from a person other than the issuer or, as other than the issuer, sells an access device or identification document;
- With intent to defraud, the person obtains an access device or identification document; or
- With intent to defraud, the person makes a false statement in an application for an access device or identification document.
- Obtaining an access device or identification document by fraudulent means is a class C felony.
Criminal Use of a Computer:
A person commits the offense of criminal use of a computer if, having no right to do so or any reasonable ground to believe he has such a right, he knowingly accesses, causes to be accessed, or exceeds the person’s authorized access to a computer, computer system, network, program, and as a result of that access:
- Obtains information concerning a person;
- Introduces false information into a computer, computer system, computer program, or
- computer network with the intent to damage or enhance the data record or the financial reputation of a person; or, with criminal negligence, damages or enhances the data record or the financial reputation of a person;
- Obtains proprietary information of another person;
- Obtains information that is only available to the public for a fee;
- Introduces instructions, a computer program, or other information that tampers with, disrupts, disables, or destroys a computer, computer system, computer program, computer network, or any part of a computer system or network; or
- Encrypts or decrypts data.
Violations are a class C felony.
Social Security Numbers: Starting July 1, 2009, state law will prohibit a person from:
- Intentionally communicating or otherwise making available to the general public an
- individual’s Social Security number (SSN);
- Printing an individual’s SSN on a card required for him to access products or services;
- Requiring an individual to transmit his SSN over the Internet unless the Internet connection is secure or the SSN is encrypted;
- Requiring an individual to use his SSN to access an Internet web site unless a password, a unique personal identification number, or another authentication device is also required to access the web site;
- Printing an individual’s SSN on material that is mailed to the person unless local, state, or federal law expressly authorizes placement of the SSN on the material or the SSN is included on an application or other form. Even if a law expressly authorizes placement of the SSN, it may not be printed on a postcard or other mailer that does not require an envelope or in a manner that makes the SSN number visible on the envelope or without the envelope being opened. The law also states that a person who does business in the state, including government agencies, may not request or collect from an individual his SSN. This does not apply if the person or agency is authorized by local, state, or federal law to request or collect a SSN. It also prohibits people from selling, leasing, loaning, trading, or renting an individual’s Social Security number to a third party.
Destruction of Records:
Starting January 9, 2009, state law will require government agencies and businesses, when disposing of consumer records, to take all reasonable measures necessary to protect against unauthorized access of such records. These measures include implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of paper documents and the destruction or erasure of electronic media and other non-paper media so that the personal information cannot be practicably be read or reconstructed.
Starting July 1, 2009, state law will require state or local government agencies and businesses operating in the state that own or license personal information in any form to notify consumers when their personal information is compromised during a security breach, putting them at risk of identity theft. A security breach occurs upon “unauthorized acquisition or reasonable belief of unauthorized acquisition of personal information that compromises the security, confidentiality or integrity” of personal information. Disclosure must occur to any resident of the state whose personal information was subject to the breach. The disclosure must be made in the most expeditious time possible, and without unreasonable delay, consistent with legitimate needs of law enforcement and as necessary to determine the scope of the breach and restore the reasonable integrity of the information system. Notification is not required if after an appropriate investigation and after written notification to the attorney general of the state, the agency or business determines that there is no reasonable likelihood of harm to customers.
Personal information means an individual’s first name or first initial and his/her last name, in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted, or is encrypted and the key has been accessed or acquired: Social Security number; driver’s license or state identification card number; an account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to the individual’s financial account.
Notification can be provided to the affected persons by mail or e-mail. If the cost of providing regular notice would exceed $150,000, the amount of people to be notified exceeds 300,000, or the entity or business does not have sufficient contact information, substitute notice may be provided. When substitute notice is used, it must consist of all of the following, as applicable: e- mail notice, conspicuous posting on the entity’s web site, and notification to statewide media. If more than 1,000 state residents are affected by the breach, consumer credit reporting agencies must also be notified.
Criminal Identity Theft:
State law contains procedures to assist victims of identity theft who are wrongly linked to crimes. Victims of criminal identity theft may submit a written request asking that inaccurate criminal justice information be corrected, modified, or that explanatory notations be added. In addition, victims can petition to seal such information about the person that, beyond a reasonable doubt, resulted from mistaken identity or false accusation.
“Request to Correct Criminal Justice Information” (https://dps.alaska.gov/getmedia/54c406fb-55ae-40c0-a9fb-f079bfc767dc/CJIRecordCorrectionForm.pdf;.aspx)
Beginning July 1, 2009, state law will allow a person who reasonably believes he is the victim of identity theft to petition a court for a factual declaration of innocence. It seeks to assist victims of criminal identity theft, in which the perpetrator of the theft was arrested for, cited for, or convicted of a crime under the victim’s identity, where a criminal complaint has been filed against the perpetrator in the victim’s name, or where the victim’s identity has been mistakenly associated with a record of criminal conviction.
A court may determine that a petitioner is factually innocent of a crime if the court finds beyond a reasonable doubt that the petitioner is a victim of identity theft; the petitioner did not commit the offense for which the perpetrator of the identity theft was arrested, cited, or convicted; the petitioner filed a criminal complaint against the perpetrator of identity theft; and the petitioner’s identity was mistakenly associated with a record of conviction for the crime. After a court has issued a declaration of factual innocence, the court may order the name and associated personal identifying information contained in court records, files and indexes accessible by the public be deleted, sealed, or labeled to show that the data is impersonated and does not reflect the defendant’s identity.
The Attorney General may develop and maintain a database of individuals who have been victims of identity theft and have received factual declarations of innocence. This database will be accessible through a toll-free number to criminal justice agencies, victims of identity theft, and individuals and agencies authorized by the victim.