Identity Theft
by Gordon Eng

One of the frustrations faced by victims of identity theft is that the creditors who have been tricked by the identity thief attempt to collect their damages from the innocent victim of the identity theft. For example, an identity thief may purchase equipment and the vendor will attempt to collect the payment from the innocent victim. Effective January 1, 2002, newly enacted California Civil Code provisions allow a consumer who is a victim of identity theft to better defend themselves against these claims from creditors.

Under the new law if the creditor has already brought an action to recover on its claim against the identity theft victim, the victim may file a cross-complaint to establish that he or she is a victim of identity theft in connection with the claim.

The victim must establish that he or she is a victim of identity theft. If the victim has met the burden of proof, the victim is entitled to a judgment providing the following, as applicable: (1) a declaration that he or she is not obligated to the creditor on the claim; (2) a declaration that any security interest or other interest obtained by the creditor is void and unenforceable; (3) an injunction against collection or enforcement of the claim; (4) dismissal of the claim (if the consumer filed a cross-complaint); and (5) if the court deems appropriate, actual damages, attorneys’ fees, and equitable relief.

A civil penalty of up to $30,000 may be imposed if it is proven by clear and convincing evidence that: (1) at least 30 days before filing of the action or the cross-complaint, the consumer provided notice to the claimant that a situation of identity theft might exist and explained the basis of that belief and provides a copy of a police report where the victim has asserted he or she has been a victim of identity theft; (2) the creditor failed to diligently investigate the consumer's notification as a possible theft; and (3) the creditor continued to pursue its claim against the consumer after the creditor was presented with facts that were later held to entitle the consumer to a judgment.

A word to the wise, if you think you have been a victim of identity theft, file a police report as soon as possible and obtain a copy of the report. By giving a copy of the report to a creditor, you may be able to convince the creditor to stop its collection action and if the creditor insists on pursuing a collection action the victim maybe able to claim damages form the creditor. Since the creditor may be subject to damages and attorneys’ fees the creditor is less likely to commence a legal action if the consumer can show them a police report.

Some related identity theft legislation also affects the use of consumer credit reporting information. Any person who uses a consumer credit report in connection with a credit transaction, and who discovers that the address of the credit report does not match the address of the consumer requesting or being offered credit, must take reasonable steps to verify the accuracy of the consumer's address. The user of the consumer credit report must contact the consumer by telephone, or write the consumer, to confirm that the credit transaction is not the result of identity theft.

Also, any person who uses a consumer credit report in connection with a credit transaction, and who receives a clearly identifiable notification from a consumer credit reporting agency that information in that report has been blocked as a result of identity theft, must not lend money or extend credit without taking reasonable steps to verify the consumer's identity and to confirm that the credit transaction is not the result of identity theft.

The damages for the above violations in the uses of consumer credit information include actual damages, court costs, attorney fees, and punitive damages of not more than $30,000 for each violation, as the court deems appropriate.

Using Social Security Numbers (SSN) in a manner where this information will be available to the public is also restricted. Effective July 1, 2002, a person or entity (excluding a state or local agency) is prohibited from using an individual's SSN number in the following ways :

- Publicly posting or publicly displaying the number in any manner.

- Printing the number on any card required for the individual to access products or services provided by that vendor.

- Requiring the individual to transmit his or her SSN over the Internet unless the connection is secure or the SSN is encrypted.

- Requiring the individual to use his or her SSN to access an Internet website, unless a password or other unique identifier is also required to access the website.

- Printing the number on any material that is mailed to the individual, unless state or federal law requires the number to be on the document to be mailed. An exception is provided for applications and forms sent by mail.

However, if the SSN was being used in a now prohibited way before July 1, this use can continue as long as the customers are notified annually that they have the right to stop the use of their SSN in the prohibited manner. A written request by an individual to stop the use of his or her SSN in the prohibited manner must be honored within 30 days of receipt of the request. A person or entity may not deny services to an individual because the individual made the written request.

Identity theft is a rapidly growing crime and one which is receiving increased attention. We should expect to see additional legislation in this area.

Caveat: This is general information and is not intended to be legal advice to the reader. Any person interested in understanding the effect of the new law or its application should consult with appropriate legal counsel.

About the author: Gordon Eng is a lawyer in Torrance, CA. He is a business lawyer and his practice includes start ups, joint ventures, established companies as well as commercial real estate transactions. He can be reached at 310-527-7781.