Resources for Attorneys
This page is intended to be helpful for attorneys working with victims of identity theft including legal assistance providers, victims’ rights attorneys, prosecutors, and other lawyers involved in working with victims.
You may want to consider joining your area’s identity theft coalition to receive support from other legal professionals. To find out more, please find an existing coalition in your state.
Agencies That Offer Legal Assistance:
See our Resource Map to find legal assistance agencies that have reported to the Office for Victims of Crime that they provide service to victims of identity theft.
Available Online Legal Self-Help for Clients:
NITVAN, along with partners at Kansas Legal Services and Pro Bono Net, have created & launched an online Access to Justice (A2J) assistance package for victims of identity theft. The package includes automated creation of letters – mirroring those created by the Federal Trade Commission – which victims can use in communicating and resolving issues with creditors, debt collectors, and credit reporting bureaus. Information about options victims have in recovering from the crime, as well as links to helpful resources are also available. The packages are available now in many states and territories and can be accessed via our Resource Map.
Applicable Laws to Identity Theft Cases:
State Identity Theft Victims’ Rights Laws
- Twenty-nine states, Guam, and the District of Columbia have specific restitution provisions for identity theft.
- Three states—Iowa, Kentucky and Tennessee—have forfeiture provisions for identity theft crimes.
- Eleven states—Arkansas, Delaware, Iowa, Maryland, Mississippi, Montana, Nevada, New Mexico, Ohio, Oklahoma and Virginia—have created identity theft passport programs to help victims from continuing identity theft.
The National Council of State Legislatures maintains a list of criminal penalties, restitution and identity theft passport laws here.
Click on the Resource Map to learn more about:
Federal Victims’ Rights Laws
Identity theft is prosecuted under numerous federal statutes, including the Identity Theft Prevention Action and the Fair and Accurate Credit Transaction Act (FACT Act). You can find a list of legislation at the National Criminal Justice Reference Service.
It wasn’t until Congress passed the Identity Theft and Assumption Deterrence Act of 1998 that identity theft was officially listed as a federal crime. The act strengthened the criminal laws governing identity theft. Specifically, it amended 18 U.S.C. § 1028 (“Fraud and related activity in connection with identification documents”) to make it a federal crime to—knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
The Identity Theft and Assumption Deterrence Act
This act made identity theft a separate crime against the individual whose identity was stolen and credit destroyed. Previously, victims had been defined solely by financial loss and often the emphasis was on banks and other financial institutions, rather than on individuals. It established the Federal Trade Commission (FTC) as the Federal Government’s one central point of contact for reporting instances of identity theft by creating the Identity Theft Data Clearinghouse.
- It increased criminal penalties for identity theft and fraud. Specifically, the crime now carries a maximum penalty of 15 years imprisonment and substantial fines.
- It closed legal loopholes, which previously had made it a crime to produce or possess false identity documents, but not steal another personal’s personal identifying information.
- Over time, state legislative bodies also started to pass laws that helped victims, and these laws ended up being the basis for many national laws years later. As most crimes are prosecuted on the state level, these laws came to have a significant positive impact on victims.
Fair Debt Collection Practices Act (FDCPA)
The Fair Debt Collection Practices Act (15 U.S.C. §§ 1692-1692p, as amended by Pub. L. 109-351, §§ 801-02, 120 Stat. 1966) prohibits debt collectors from using unfair or deceptive practices to collect overdue bills that a creditor has forwarded for collection.
Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA) of 2003
FCRA is the law governing the accuracy and privacy of credit reports. FACTA amended the Fair Credit Reporting Act in 2003 to strengthen and add to the protections for victims of identity theft. These laws require consumer reporting agencies (CRAs) and creditors to help victims recover from identity theft, and allow consumers to place alerts on their credit files if they are or believe they may become victims of identity theft (fraud alerts). Consumers have the right to dispute inaccurate information, and CRAs and creditors must investigate the claim and correct information if it is inaccurate. The laws also entitle consumers to a free credit report once per year from each of the three credit reporting agencies. As part of the responsibilities under FACTA, the Federal Trade Commission and the federal financial agencies established “Red Flag Rules” requiring creditors and financial institutions to establish programs designed to address identity theft.
Identity Theft Penalty Enhancement Act of 2004
This act (Pub. L. 108–275 § 1028A) establishes penalties for “aggravated” identity theft, which is using the identity of another person to commit felony crimes, including immigration violations, theft of another’s Social Security benefits, and acts of domestic terrorism.
Identity Theft Enforcement and Restitution Act of 2008
This act amends 18 U.S.C. § 3663(b) to make it clear that restitution orders for identity theft cases may include an amount equal to the value of the victim’s time spent remediating the actual or intended harm of the identity theft or aggravated identity theft. The new law also allows federal courts to prosecute when the criminal and the victim live in the same state. Under previous law, federal courts only had jurisdiction if the thief uses interstate communication to access the victim’s PII.
Federal Privacy Laws
Driver’s Privacy Protection Act of 1994
The Driver’s Privacy Protection Act puts limits on disclosures of personal information in records maintained by state departments of motor vehicles.
Family Educational Rights and Privacy Act of 1974
The Family Education Rights and Privacy Act puts limits on the disclosure of educational records maintained by agencies and institutions that receive federal funding.
Gramm-Leach-Bliley Act of 1999 (GLBA)
Health Information Portability and Accountability Act of 1996 (HIPAA)
The privacy rule regulates the security and confidentiality of patient information. The U.S. Department of Health and Human Services published a final Security Rule in February 2003, which sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information.
Download the latest Adobe Acrobat Reader to view PDF files.