California State Victim Resources:
Phone: (916) 445-9555
Los Angeles County Department of Consumer Affairs Identity Theft Unit
Phone: (800) 593-8222 (option 5)
This Department can help L.A. County residents who are victims of identity theft deal with creditors, collection agencies, etc. This is a resource for victims to help restore their finances back to normal.
CA Department of Corrections
CA Secretary of State
CA Office of Privacy Protection
CA Identity Theft Registry
(for victims of Criminal Identity Theft)
CA Department of 'Social Service's
CA Franchise Tax Board (report income tax fraud)
Franchise Tax Board
Phone: 800-540-3453 M-F 8:30am – 4pm (PST)
Agencies that offer legal assistance to IDT victims:
Bay Area Legal Aid
Program Phone: (510) 663-4755
Legal Assistance: (510) 663-4744
California Indian Legal Services, Inc.
Program Phone: (760) 746-8941
Legal Assistance: (510) 835-0284
California Rural Legal Assistance, Inc.
Program Phone: (415) 777-2752
Legal Assistance: (415) 777-2752
Central California Legal Services
Program Phone: (559) 570-1200
Legal Assistance: 800-675-8001
Greater Bakersfield Legal Assistance, Inc.
Program Phone: (661) 334-4660
Legal Assistance: (805) 325-5943
Inland Counties Legal Services, Inc.
Program Phone: (951) 368-2530
Legal Assistance: (909) 368-2555
Legal Aid Foundation of Los Angeles
Program Phone: (323) 801-7906
Legal Assistance: (800) 399-4529
Legal Aid Society of Orange County, Inc.
Program Phone: (714) 571-5200
Legal Assistance: (800) 834-5001
Legal Aid Society of San Diego, Inc.
Program Phone: (619) 471-2620
Legal Assistance: (877) 534-2524
Legal Services of Northern California, Inc.
Program Phone: (916) 551-2150
Legal Assistance: (916) 551-2150
Neighborhood Legal Services of Los Angeles County
Program Phone: (818) 834-7590
Legal Assistance: (818) 896-5211
Security Freeze Law:
State law allows all consumers to place security freezes on their consumer credit reports to prevent identity thieves from opening new accounts in their names. Such a freeze enables the consumer to prevent anyone from looking at his/her credit file for the purpose of granting credit unless the consumer chooses to allow a particular business look at the information. To request a freeze, a consumer must request one in writing to the credit reporting agencies. Credit reporting agencies may charge $10 to implement a freeze or to temporarily lift a freeze for a specific time period or for a specific creditor. Seniors over 65 may be charged no more than $5, and victims of identity theft may not be charged.
The reporting agency must place the freeze within three business days after receiving the request, and within ten days of placing the freeze must send a written confirmation of the freeze and provide the consumer with a unique personal identification number or password to be used by the consumer when providing authorization for the release of his credit for a specific party or period of time. Requests for a temporary unlocking of the freeze must be completed within three business days.
Statute: Civil Code § 1780.11.2 through 1785.11.6 (must scroll down to relevant section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.5.&part=4.&chapter=4.&article=
Mandatory Police Report Law for Identity Theft Victims:
A person who has learned or reasonably suspects that his or her personal identifying information has been unlawfully used by another may initiate a law enforcement investigation by contacting the local law enforcement agency that has jurisdiction over his or her actual residence or place of business, which is required to take a police report of the matter, provide the complainant with a copy of that report, and begin an investigation of the facts. If the suspected crime was committed in a different jurisdiction, the local law enforcement agency may refer the matter to the law enforcement agency where the suspected crime was committed for further investigation of the facts.
Statute: Penal Code §530.6.
Identity Theft Passport Law:
No State law at this time
Identity Theft Laws:
A person who, with the intent to defraud, acquires or retains possession of the personal identifying information of another person can be punished by a fine up to $1000 and/or up to one year in county jail. Penalties may be increased if a person:
- Has a previous conviction for an identity theft violation; or
- Acquires or retains the personal identifying information of ten or more persons; or
- Obtains personal identifying information of another person and uses that information without the consent of that person for any unlawful purpose, including to obtain or attempt to obtain credit, goods, services, real property, or medical information; or
- With intent to defraud, sells, transfers, or conveys the personal identifying information of another person; or
- With actual knowledge that the personal identifying information of a specific person will be used fraudulently, sells, transfers, or conveys that information.
- For these offenses, violations can be either a misdemeanor or a felony (known as a “wobbler” offense) depending upon the prosecutor’s charging decision and the actual punishment imposed by the trial court. As a misdemeanor, identity theft is punishable by up to one year in county jail and/or a fine of up to $1000. It may also be punishable as a felony by imprisonment in the state prison for a term of 16 months, two years, or three years in state prison, and/or a fine up to $10,000.
- Personal identifying information means any name, address, telephone number, health insurance number, taxpayer identification number, school identification number, state or federal driver’s license, or identification number, social security number, place of employment, employee identification number, professional or occupational number, mother’s maiden name, demand deposit account number, savings account number, checking account number, PIN (personal identification number) or password, alien registration number, government passport number, date of birth, unique biometric data including fingerprint, facial scan identifiers, voiceprint, retina or iris image, or other unique physical representation, unique electronic data including information identification number assigned to the person, address or routing code, telecommunication identifying information or access device, information contained in a birth or death certificate, or credit card number of an individual person, or an equivalent form of identification.
Statute: Penal Code § 530.5.
The jurisdiction for a criminal action for identity theft offenses may be the county where the theft occurred, the county where the information was illegally used, or the county in which the victim resided at the time the offense was committed. If similar identity theft crimes occur in multiple jurisdictions, any one of those jurisdictions can be used for all of the offenses.
Statute: Penal Code §786(b).
Statute of Limitations:
To give victims, law enforcement, and prosecutors a reasonable opportunity to discover and identify crimes of identity theft, state law provides that the statute of limitations for the crime begins when the crime was discovered, instead of when it was committed.
Statute: Penal Code §803.5: (must scroll down to appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PEN&division=&title=3.&part=2.&chapter=2.&article=
Other Related Laws:
State law provides that a person who possesses a birth certificate (genuine or counterfeit) with the intent to conceal his/her identity or to represent himself/herself as the person named in the document is guilty of a misdemeanor. It is an alternate misdemeanor- felony offense for a person to manufacture, sell, offer, or transfer a purported birth certificate, where the defendant intends to deceive and knows the document is counterfeit.
Statute: Penal Code §529a
It is a misdemeanor to possess document-making devices with intent to use them to manufacture, alter, or authenticate a deceptive identification document.
Statute: Penal Code §483.5: (must scroll down to the appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PEN&division=&title=13.&part=1.&chapter=4.&article=
Any person who acquires or retains possession of access card account information, without the cardholder’s or issuer’s consent, with the intent to use it fraudulently, is guilty of grand theft. A person who with intent to defraud, acquires or retains an access card, with the intent to use, sell, or transfer the card, is guilty of petty theft. A person who within a twelve-month period, acquires access cards issued in the names of four or more people which he has reason to know were taken or retained fraudulently, is guilty of grand theft.
Statute: Penal Code §484e: (must scroll down to the appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PEN&division=&title=13.&part=1.&chapter=5.&article=
Any person who publishes the number or code of an existing, canceled, revoked, expired or nonexistent access card, personal identification number, computer password, access code, debit card number, bank account number, or the numbering or coding which is employed in the issuance of access cards, with the intent that it be used or with knowledge or reason to believe that it will be used to avoid the payment of any lawful charge, or with intent to defraud or aid another in defrauding, is guilty of a misdemeanor.
Statute: Penal Code §484j: (must scroll down to the appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PEN&division=&title=13.&part=1.&chapter=5.&article=
State law prohibits the possession or use of a scanning device or re-encoder that is used to obtain or record encoded information from the magnetic strip of a payment card with intent to defraud. Scanning devices are electronic devices that are used to access, read, scan, obtain, memorize, or store, temporarily or permanently, information encoded on the magnetic strip or stripe of a payment card. A re-encoder is an electronic device that places encoded information from the magnetic strip or stripe of a payment card onto the magnetic strip or stripe of a different card. Violations are a misdemeanor, punishable by up to one year in jail and/or a fine of up to $1000.
Statute: Penal Code §502.6: (must scroll down to the appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PEN&division=&title=13.&part=1.&chapter=5.&article=
Under state law, a person or entity that intentionally remotely reads or attempts to remotely read a person’s identification document using radio frequency identification (RFID), for the purpose of reading that person’s identification document without that person’s knowledge and prior consent, will be punished by imprisonment in a county jail for up to one year and/or a fine of up to $1500. There are exceptions for inadvertent scanning and also permits various emergency medical services and law enforcement agencies to scan without a bearer’s permission to identify or assist an unresponsive person, or to solve a crime, as long as a search warrant has been issued.
State law prohibits phishing the act of posing as a legitimate company or government agency in an email, Web page, or other Internet communication in order to trick a recipient into revealing his or her personal information. It makes it unlawful for any person, through the Internet or other electronic means, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be an online business without the approval or authority of the online business.
Statute: Business and Professions Code §22948-22948.3: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=BPC&division=8.&title=&part=&chapter=33.&article=
State law prohibits an authorized person from knowingly installing or providing software that performs certain functions, such as taking control of the computer or collecting personally identifiable information. It specifically prevents the collection, through intentionally deceptive means, personally identifiable information, through the use of a keystroke-logger or by extracting it for a purpose unrelated to the purpose of the software or service.
Statute: Business and Professions Code §22947: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=BPC&division=8.&title=&part=&chapter=32.&article=
Social Security Numbers:
California law contains numerous protections for Social Security numbers (SSN). It prohibits businesses, governments, and other entities from publicly displaying or posting an individual’s SSN; printing SSNs on ID cards or badges; printing SSNs on documents mailed to customers, unless the law requires it or the document is a form or application; printing SSNs on postcards or any other mailer where its visible without opening an envelope; avoiding legal requirements by encoding or embedding SSNs in cards or documents, such as using a bar code, chip or magnetic strip; requiring people to send SSNs over the Internet, unless the connection is secure or the number is encrypted; and requiring people to use an SSN to log onto a web site, unless a password is also used. Organizations may continue their current practices for using SSNs for existing customers, rather than stopping the practices barred by the new law described above, unless a customer requests otherwise in writing.
Statute: Civil Code §1798.85-1798.86: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.81.1.&part=4.&chapter=&article=
Protection of Personal Information:
State law requires businesses to use safeguards to ensure the security of personal information, defined as an individual’s name, plus his/her Social Security number (SSN), driver’s license or state identification number, financial account numbers, and to contractually require third parties to do the same.
Statute: Civil Code §1798.81.5: (must scroll down to appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV§ionNum=1798.81.5
Change of Address: State law requires a credit card issuer or telephone company that receives a request for a change of address on an account and then within a specified period receives a request for a new credit card or service to notify the consumer at the former address of record.
Statute: Civil Code §1799.1b: (must scroll down to appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV§ionNum=1799.1b
State law requires a credit card issuer that receives an application with a different address in response to a mailed unsolicited offer to verify the change of address.
Statute: Civil Code §1747.06.
Criminal Identity Theft:
A person who reasonably believes that he or she is the victim of identity theft may petition a court for an expedited judicial determination of his or her factual innocence, in cases where the perpetrator of the identity theft was arrested for, cited for, or convicted of a crime under the victim’s identity, or where a criminal complaint has been filed against the perpetrator in the victim’s name, or where the victim’s identity has been mistakenly associated with a record of criminal conviction. If the victim is found factually innocent, the court must issue an order certifying this determination, and may order the name and associated personal identifying information contained in court records, files, and indexes accessible by the public be deleted, sealed, or labeled to show that the data is impersonated and does not reflect the defendant’s identity.
Statute: Penal Code §530.6.
If a person obtains personal identifying information of another person, uses that information to commit a crime in addition to the crime of identity theft, the court records must reflect that the person whose identity was falsely used to commit the crime did not commit the crime.
Statute: Penal Code §530.5.
The California Department of Justice maintains a registry to assist victims of criminal identity theft, in which a suspect in a criminal investigation identifies himself using the identity of another, innocent person. The registry is available to help victims of identity theft who are wrongly linked to crimes, by providing a centralized place that can be checked by police and other authorized persons to confirm that a person is not wanted by law enforcement and that a mistaken criminal history was created in his name.
Victims who have been charged with a crime committed by another person using his/her stolen identity or those whose identity has been mistakenly associated with a record of criminal conviction can register to enter their name into the Identity Theft Database. In most cases of criminal identity theft, victims must go to court to obtain an order from a judge stating they are “factually innocent” of the crime on their record. Once confirmed, the information is entered in a statewide database and can be used to show others that a he/she was not actually responsible for the crime. The information is available via a toll-free number to the identity theft victim, criminal justice agencies, law enforcement, and other individuals and agencies authorized by the victim to see the information.
Statute: Penal Code §530.7.
“Identity Theft Registry” (http://ag.ca.gov/idtheft/general.php)
Access to Records on Fraudulent Accounts:
State law allows identity theft victims or their law enforcement representatives to obtain copies of documents on fraudulent accounts from the financial institution or utility where the accounts were opened. The financial institutions and businesses are required to release to a victim with a police report or to the victim’s law enforcement representative information and evidence related to the accounts. This includes information related to the application or account, such as a copy of the unauthorized person’s application or application information and a record of transactions or charges associated with the application or account. The requested information must be provided within 10 days of receiving the request at no cost.
Statute: Penal Code §530.8: (must scroll down to appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=PEN&division=&title=13.&part=1.&chapter=8.&article
Destruction of Records:
State law requires businesses to take all reasonable steps to destroy, or arrange for the destruction, of a customer’s records within its custody or control that contain personal information that is no longer to be retained by the business. This can be done by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means. Personal information means any information that identifies, relates to, describes, or is capable of being associated with a particular individual, including, but not limited to his/her name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit or debit card number, or any other financial information.
Statute: Civil Code §1798.81: (must scroll down to appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.81.&part=4.&chapter=&article=
State law requires state agencies and businesses operating in the state that own or license computerized data that include consumers’ personal information to notify consumers when their personal information is compromised during a security breach, putting them at risk of identity theft. A security breach occurs upon “unauthorized acquisition of computerized data that compromises the security, confidentiality or integrity” of personal information. Disclosure must occur to any resident of the state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an authorized person. The disclosure must be made in the most expedient time possible, and without unreasonable delay, consistent with legitimate needs of law enforcement.
Personal information means an individual’s first name or first initial and his/her last name, in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted: Social Security number; driver’s license or California identification card number; an account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to the individual’s financial account; or medical information. Publicly available information is not included.
Notification can be provided to the affected persons by mail or e-mail. If the cost of providing regular notice would exceed $250,000, the amount of people to be notified exceeds 500,000, or the entity or business not have sufficient contact information, substitute notice may be provided. When substitute notice is used, it must consist of all of the following, as applicable: e-mail notice, conspicuous posting on the entity’s web site, and notification to statewide media.
Statute: Civil Code §1798.82: (must scroll down to appropriate section) http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.81.&part=4.&chapter=&article=
Security breach notification laws and procedures also apply to electronic medical or health information. California residents must be notified when their unencrypted medical histories, information on mental or physical conditions, medical treatments and diagnoses, insurance policy or subscriber number, insurance applications, claims history, or appeals are breached.
Statute: Civil Code §56.06: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=1.&title=&part=2.6.&chapter=1.&article=
Prohibition Against Debt Collectors:
State law prohibits debt collectors from pursuing collection of a debt when an alleged debtor provides a police report of identity theft and other information on his status as an identity theft victim. The bill also helps identity theft victims clear up their records by requiring debt collectors who cease collection activities to notify the creditors and consumer credit reporting agencies to which the collector previously provided adverse information.
Statute: Civil Code §1788.18.
In addition, state law gives identity theft victims the right to bring an action against a claimant who is seeking payment on a debt not owed by the identity theft victim. The victim may seek an injunction against the claimant, plus actual damages, costs, a civil penalty, and other relief.
Statute: Civil Code §1798.92.
Free Credit Reports:
State law provides that an identity theft victim who provides the credit bureau with a copy of a police report is entitled to twelve free credit reports, one per month, in the twelve months from the date of the police report.
Statute: Civil Code §1785.15.3.