Florida State Victim Resources:
Department of Children and Families
Department of Law Enforcement
Compromised Identity Services
Agencies that offer assistance to IDT victims:
Bay Area Legal Services, Inc.
Program Phone: (813) 232-1343
Legal Assistance: (813) 232-1343
Coast to Coast Legal Aid of South Florida, Inc.
Program Phone: (954) 736-2400
Legal Assistance: (954) 736-2400
Community Legal Services of Mid-Florida, Inc.
Program Phone: (386) 255-6573
Legal Assistance: (386) 255-6573
Florida Rural Legal Services, Inc.
Program Phone: (239) 334-4554
Legal Assistance: (800) 277-7680
Legal Services of Greater Miami, Inc.
Legal Assistance: (305) 576-0080
Legal Services of North Florida, Inc.
Legal Assistance: (850) 385-9007
Three Rivers Legal Services, Inc.
Program Phone: (352) 372-0519
Legal Assistance: (352) 372-0519
Security Freeze Law:
All Florida consumers are allowed to place security freezes on their consumer credit reports to prevent new accounts from being opened in their names. Such a freeze enables the consumer to prevent anyone from looking at his/her credit file for the purpose of granting credit unless the consumer chooses to allow a particular business look at the information. To request a freeze, a consumer must request one in writing by certified mail. Consumer reporting agencies may charge a fee of $10 to place or temporarily lift a security freeze. However, victims of identity theft with a valid police report or investigative complaint and people 65 years of age or older may not be charged.
The reporting agency must place the freeze within five business days after receiving the request, and within ten days, must send a written confirmation of the freeze and provide the consumer with a unique personal identification number or password to be used by the consumer when providing authorization for the release of his credit for a specific party or period of time. Requests for a temporary unlocking of the freeze must be completed within three business days. A consumer reporting agency must select and develop a secure electronic contact method, which may include the use of telephone, fax, the Internet, or other secure electronic means, by which to receive and process requests from consumers to temporarily lift a freeze.
How to Place a Credit Freeze in Florida:
Mandatory Police Report Law for Identity Theft Victims:
No State law at this time.
Identity Theft Passport Law:
No State law at this time.
Identity Theft Laws:
A person commits the offense of fraudulent use of personal identification information if he willfully and without authorization, fraudulently uses or possesses with intent to fraudulently use personal identification information concerning an individual without first obtaining the individual’s consent. Violations are a felony of the third degree, punishable by up five years in prison and/or a fine up to $5,000.
The penalty is increased to a second-degree felony, punishable by three to fifteen years in prison and/or a fine up $10,000, if the pecuniary benefit, value of the services received, the payment sought to be avoided, or the amount of the injury or fraud perpetrated is $5,000 or more; or if the person fraudulently uses the personal identification information of ten to nineteen individuals without their consent.
It is a first-degree felony if the pecuniary benefit, value of the services received, the payment sought to be avoided, or the amount of the injury or fraud perpetrated is $50,000 or more; or the person fraudulently uses the personal identification of twenty to twenty nine individuals. It is punishable by five to thirty years in prison and/or a fine up to $10,000. If the value is over $100,000, or if the person fraudulently uses the personal identification information of thirty or more individuals without their consent, there is a mandatory minimum sentence of ten years in prison.
Any person who willfully and without authorization possesses, uses, or attempts to use personal identification information concerning an individual without first obtaining that individual’s consent, and who does so for the purpose of harassing that individual, commits the offense of harassment by use of personal identification information, which is a misdemeanor of the first degree, punishable up to one year in prison and/or a fine up to $1,000. If an offense was facilitated or furthered by the use of a public record, it is reclassified to the next higher degree as follows: a misdemeanor of the first degree is reclassified as a third-degree felony; a third-degree felony becomes a second-degree felony, and a second-degree felony is reclassified as a first-degree felony.
A person who willfully and without authorization fraudulently uses personal identification information concerning an individual under 18 years of age without first obtaining the consent to the individual or his legal guardian commits a second-degree felony. If a parent or legal guardian uses the personal identification of the minor, it is also a second-degree felony.
Fraudulent use or possession with intent to use personal information of a deceased individual is third-degree felony. If the pecuniary benefit, the value of the services received, the payment sought to be avoided, or the amount of injury or fraud perpetrated is $5,000 or more, or if the person fraudulently uses the personal identification information of 10 or more but fewer than 20 deceased individuals, it is second-degree felony, with a mandatory minimum sentence of three years.
A person commits the offense of aggravated fraudulent use of the personal identification information of multiple deceased individuals, a first-degree felony, if the pecuniary benefit, the value of the services received, the payment sought to be avoided, or the amount of injury or fraud perpetrated is $50,000 or more; or if the person fraudulently uses the personal identification information of 20 to 29 deceased individuals. If the value is over $100,000 or more or if the person fraudulently uses the personal identification information of 30 or more deceased individuals, the minimum sentence is 10 years.
Any person who willfully and fraudulently creates or uses, or possesses with intent to fraudulently use, counterfeit or fictitious personal identification information concerning a fictitious individual, or concerning a real individual without first obtaining that real individual’s consent, with intent to use such counterfeit or fictitious personal identification information for the purpose of committing or facilitating the commission of a fraud on another person, commits the offense of fraudulent creation or use, or possession with intent to fraudulently use, counterfeit or fictitious personal identification information, a third-degree felony.
If a person commits any of the above offenses and for the purpose of obtaining or using personal identification information, misrepresents himself or herself to be a law enforcement officer; an employee or representative of a bank, credit card company, credit counseling company, or credit reporting agency; or any person who wrongfully represents that he or she is seeking to assist the victim with a problem with the victim’s credit history, the offense will be reclassified as follows:
In the case of a misdemeanor, the offense is reclassified as a felony of the third degree; in the case of a felony of the third degree, the offense is reclassified as a felony of the second degree; in the case of a felony of the second degree, the offense is reclassified as a felony of the first degree; a felony of the first degree may be reclassified as a life felony.
A prosecutor may ask for a reduced or suspend sentence for a person convicted of an identity theft violation if he provides substantial assistance in the identification, arrest, or conviction of his accomplices, accessories, co-conspirators, or principals or any other person engaged in fraudulent possession or use of personal identification information.
“Personal identification information” means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any:
- Name, postal or electronic mail address, telephone number, Social Security number, date of birth, mother’s maiden name, official state-issued or United States-issued driver’s license or identification number, alien registration number, government passport number, employer or taxpayer identification number, Medicaid or food stamp account number, bank account number, credit or debit card number, or personal identification number or code assigned to the holder of a debit card by the issuer to permit authorized electronic use of such card;
- Unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation;
- Unique electronic identification number, address, or routing code;
- Medical records;
- Telecommunication identifying information or access device; or
- Other number or information that can be used to access a person’s financial resources.
Venue for prosecution and trial may be commenced and maintained in any county in which an element of the offense occurred, including the county where the victim generally resides.
Statute of Limitations:
A prosecution must be commenced within three years after the offense occurred. However, a prosecution may be commenced within one year after discovery of the offense by an aggrieved party if the prosecution is commenced within five years after the violation occurred.
Other Related Laws:
It is unlawful for a person to make or cause to be made, either directly or indirectly, any false statement as to a material fact in writing, knowing it to be false and with intent that it be relied on respecting his or her identity or that of any other person, firm, or corporation or his or her financial condition or that of any other person, firm, or corporation, for the purpose of procuring the issuance of a credit card. Violations are a first-degree misdemeanor.
It is a first-degree misdemeanor to:
- Take a credit card from the person, possession, custody, or control of another without the cardholder’s consent; or with knowledge that it has been so taken, receives the card with intent to use, sell, or transfer it to another person.
- Receive a credit card that a person knows to have been lost, mislaid, or delivered under a mistake as to the identity or address of the cardholder, and retain possession with intent to use, sell, or transfer it.
- For a person other than the issuer to sell a credit card; or to buy a credit card from a person other than issuer.
- For a person other than the cardholder or a person authorized by him, to sign a credit card with the intent to defraud the issuer or a person or organization providing money, goods, services, or anything else of value or any other person.
- It is a third-degree felony for a person, other than the issuer, to receive during any 12-month period two or more credit cards in the name or names of different cardholders that he has reason to know were taken or retained under circumstances that constitute credit card theft.
A person commits the crime of fraudulent use of a credit card if he, with intent to defraud the issuer or a person or organization providing money, goods, services, or anything else of value or any other person, uses, for the purpose of obtaining money, goods, services, or anything else of value, a credit card obtained or retained fraudulently or any credit card that he knows is forged; or to represent himself, without consent of the cardholder, that he is the holder of a specified card. Violations are a first-degree misdemeanor if in any six-month period, a person uses a credit card in violation two or fewer times, or obtains money, goods, services, or anything else in violation the value of which is less than $100. It is a third-degree misdemeanor if he uses a card more than two times or obtains goods valued over $100.
State law prohibits the use of a scanning device or re-encoder that is used to obtain or record encoded information from the magnetic strip of a payment card without the authorization of the authorized user and with the intent to defraud the authorized user, the issuer of the card, or a merchant. Scanning devices are defined as a scanner, reader, or any other electronic device that is used to access, read, scan, obtain, memorize, or store, temporarily or permanently, information encoded on the magnetic strip or stripe of a payment card. A re-encoder is an electronic device that places encoded information from the magnetic strip or stripe of a payment card onto the magnetic strip or stripe of a different card. Violations are a third-degree felony. Second or subsequent offenses are a second-degree felony.
Caller Identification Fraud:
Under state law, a caller may not knowingly insert false information into a caller identification system with the intent to mislead, defraud or deceive the recipient of a telephone call. A caller identification system means a listing of a caller’s name, telephone number, or name and telephone number that is shown to a recipient of a call when the recipient answers. This provision does not apply to any blocking of caller identification information; any law enforcement agency, or any intelligence or security agencies of the federal government. Violations are a misdemeanor in the first degree.
A court may order a defendant convicted of an identity theft offense to make restitution to any victim of the offense. In addition to the victim’s out-of-pocket costs, restitution may include payment of any other costs, including attorney’s fees incurred by the victim in clearing the victim’s credit history or credit rating, or any costs incurred in connection with any civil or administrative proceeding to satisfy any debt, lien, or other obligation of the victim arising as the result of the actions of the defendant.
Upon conviction of an identity theft offense, the court may issue such orders as necessary to correct any public record that contains false information resulting from the actions that resulted in the conviction.
State law requires individuals and businesses doing business in the state to notify state residents when their unencrypted personal information was or is reasonably believed to have been acquired during a security breach, putting them at risk of identity theft. A security breach is defined as “unlawful and unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information.”
Notice must be made without unreasonable delay, no later than 45 days following the determination of the breach, although it can be delayed upon request by a law enforcement agency or to determine the scope of the breach and to restore the reasonable integrity of the data system. Notification is not required if, after an appropriate investigation or after consultation with relevant federal, state, and local agencies responsible for law enforcement, the person reasonably determines that the breach has not and will not likely result in harm to the individuals whose personal information has been acquired and accessed. Such a determination must be documented in writing and the documentation must be maintained for five years.
Personal information is defined as an individual’s first name or first initial and last name, or any middle name and last name, in combination with any one or more of the following data elements, when the data elements are not encrypted: Social Security number; driver’s license number or Florida Identification Card number; or an account number, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account. It does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
Notification can be provided by mail, or e-mail. If the cost of providing regular notice would exceed $250,000, the amount of people to be notified exceeds 500,000, or the business does not have sufficient contact information to provide written or electronic notice, substitute notice may be provided. When substitute notice is used, it must consist of all of the following, as applicable: e-mail notice, conspicuous posting on the business’s web site, and notification to major statewide media. When a breach involves more than 1,000 people, the business must also notify the consumer reporting agencies.