H.R.5424 - Identity Theft Victims Assistance Act of 2002107th Congress (2001-2002)
|Sponsor:||Rep. Smith, Adam [D-WA-9] (Introduced 09/19/2002)|
|Committees:||House - Judiciary; Financial Services|
|Latest Action:||10/07/2002 Referred to the Subcommittee on Crime, Terrorism, and Homeland Security.|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Subject — Policy Area:
- Crime and Law Enforcement
- View subjects
Text: H.R.5424 — 107th Congress (2001-2002)All Bill Information (Except Text)
There is one version of the bill.
Text available as:
Introduced in House (09/19/2002)
Formatting necessary for an accurate reading of this legislative text may be shown by tags (e.g., <DELETED> or <BOLD>) or may be missing from this TXT display. For complete and accurate display of this text, see the PDF or HTML/XML.
[Congressional Bills 107th Congress] [From the U.S. Government Printing Office] [H.R. 5424 Introduced in House (IH)] 107th CONGRESS 2d Session H. R. 5424 To prevent the crime of identity theft, mitigate the harm to individuals victimized by identity theft, and for other purposes. _______________________________________________________________________ IN THE HOUSE OF REPRESENTATIVES September 19, 2002 Mr. Smith of Washington (for himself, Mr. Gekas, Mr. Conyers, and Ms. Harman) introduced the following bill; which was referred to the Committee on the Judiciary, and in addition to the Committee on Financial Services, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned _______________________________________________________________________ A BILL To prevent the crime of identity theft, mitigate the harm to individuals victimized by identity theft, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Identity Theft Victims Assistance Act of 2002''. SEC. 2. FINDINGS. The Congress finds the following: (1) The crime of identity theft is the fastest growing crime in the United States. (2) Victims of identity theft often have extraordinary difficulty restoring their credit and regaining control of their identity because of the viral nature of identity theft. (3) Identity theft may be ruinous to the good name and credit of consumers whose identities are misappropriated, and victims of identity theft may be denied otherwise well-deserved credit, may have to spend enormous time, effort, and sums of money to remedy their circumstances, and may suffer extreme emotional distress including deep depression founded in profound frustration as they address the array of problems that may arise as a result of identity theft. (4) Victims are often required to contact numerous Federal, State, and local law enforcement agencies, consumer credit reporting agencies, and creditors over many years, as each event of fraud arises. (5) The Federal Government, business entities, and credit reporting agencies have a shared responsibility to assist identity theft victims, to mitigate the harm that results from fraud perpetrated in the victim's name. (6) Victims of identity theft need a nationally standardized means of-- (A) reporting identity theft to consumer credit reporting agencies and business entities; and (B) evidencing their true identity and claim of identity theft to consumer credit reporting agencies and business entities. (7) One of the greatest law enforcement challenges posed by identity theft is that stolen identities are often used to perpetrate crimes in many different localities in different States, and although identity theft is a Federal crime, most often, State and local law enforcement agencies are responsible for investigating and prosecuting the crimes. (8) The Federal Government should assist State and local law enforcement agencies to effectively combat identity theft and the associated fraud. SEC. 3. TREATMENT OF IDENTITY THEFT MITIGATION. (a) In General.--Chapter 47 of title 18, United States Code, is amended by adding after section 1028 the following new section: ``Sec. 1028A. Treatment of identity theft mitigation ``(a) Definitions.--In this section: ``(1) The term `business entity' means any corporation, trust, partnership, sole proprietorship, or unincorporated association, including any financial service provider, financial information repository, creditor (as that term is defined in section 103 of the Truth in Lending Act (15 U.S.C. 1602)), telecommunications, utilities, or other service provider. ``(2) The term `consumer' means an individual. ``(3) The term `financial information' means information identifiable as relating to an individual consumer that concerns the amount and conditions of the assets, liabilities, or credit of the consumer, including-- ``(A) account numbers and balances; ``(B) nonpublic personal information, as that term is defined in section 509 of the Gramm-Leach-Bliley Act (15 U.S.C. 6809); and ``(C) codes, passwords, social security numbers, tax identification numbers, State identifier numbers issued by a State department of licensing, and other information used for the purpose of account access or transaction initiation. ``(4) The term `financial information repository' means a person engaged in the business of providing services to consumers who have a credit, deposit, trust, stock, or other financial services account or relationship with that person. ``(5) The term `identity theft' means an actual or potential violation of section 1028 or any other similar provision of Federal or State law. ``(6) The term `means of identification' has the same meaning given the term in section 1028. ``(7) The term `victim' means a consumer whose means of identification or financial information has been used or transferred (or has been alleged to have been used or transferred) without the authority of that consumer with the intent to commit, or to aid or abet, identity theft or any other violation of law. ``(b) Information Available to Victims.-- ``(1) In general.--A business entity that possesses information relating to an alleged identity theft, or that has entered into a commercial transaction, provided credit, provided products, goods, or services for consideration, accepted payment, or otherwise done business for consideration with a person that has made unauthorized use of the means of identification of the victim, shall, not later than 20 days after the receipt of a written request by the victim, meeting the requirements of subsection (c), provide, without charge, a copy of all application and business transaction information related to the transaction being alleged as an identity theft to-- ``(A) the victim; ``(B) any Federal, State, or local governing law enforcement agency or officer specified by the victim; or ``(C) any law enforcement agency investigating the identity theft and authorized by the victim to take receipt of records provided under this section. ``(2) Rule of construction.-- ``(A) In general.--If the social security number of the victim receiving information pursuant to this section is identical to the social security number associated with the account or business transaction about which the victim is requesting information, no provision of Federal or State law prohibiting the disclosure of financial information by a business entity to third parties shall be used to deny disclosure of information to the victim under this section. ``(B) Limitation.--Except as provided in subparagraph (A), nothing in this section requires a business entity to disclose information that the business entity is otherwise prohibited from disclosing under any other provision of Federal or State law. ``(c) Verification of Identity and Claim.--Unless a business entity, at its discretion, is otherwise able to verify the identity of a victim making a request under subsection (b)(1), the victim shall provide to the business entity-- ``(1) as proof of positive identification, at the election of the business entity-- ``(A) the presentation of a government-issued identification card; ``(B) if providing proof by mail, a copy of a government-issued identification card; or ``(C) upon the request of the person seeking business records, the business entity may inform the requesting person of the categories of identifying information that the unauthorized person provided the business entity as personally identifying information, and may require the requesting person to provide identifying information in those categories; and ``(2) as proof of a claim of identity theft, at the election of the business entity-- ``(A) a copy of a police report evidencing the claim of the victim of identity theft; ``(B) a copy of a standardized affidavit of identity theft developed and made available by the Federal Trade Commission; or ``(C) any affidavit of fact that is acceptable to the business entity for that purpose. ``(d) Limitation on Liability.--No business entity may be held liable for a disclosure, made in good faith and reasonable judgment, to provide information under this section with respect to an individual in connection with an identity theft to other business entities, law enforcement authorities, victims, or any person alleging to be a victim, if-- ``(1) the business entity complies with subsection (c); and ``(2) such disclosure was made ``(A) for the purpose of detection, investigation, or prosecution of identity theft; or ``(B) to assist a victim in recovery of fines, restitution, rehabilitation of the credit of the victim, or such other relief as may be appropriate. ``(e) Authority To Decline To Provide Information.--A business entity may decline to provide information under subsection (b) if, in the exercise of good faith and reasonable judgment, the business entity believes that-- ``(1) this section does not require disclosure of the information; ``(2) the request for the information is based on a misrepresentation of fact by the victim relevant to the request for information; or ``(3) the information requested is Internet navigational data or similar information about a person's visit to a website or online service. ``(f) No New Recordkeeping Obligation.--Nothing in this section creates an obligation on the part of a business entity to obtain, retain, or maintain information or records that are not otherwise required to be obtained, retained, or maintained in the ordinary course of its business or under other applicable law. ``(g) Notification System.-- ``(1) In general.--A business entity may establish and maintain a notification system for the business entity to comply with this subsection, including a toll-free telephone number and a mailing address. ``(2) Requirements.--A notification system under paragraph (1) shall permit any person to make a request to, or to correspond with, the business entity under this subsection if-- ``(A) the business entity informs the person-- ``(i) that any person may request information under this subsection; and ``(ii) of the address and toll-free telephone number established and maintained for this purpose; and ``(B) a person representing the business entity-- ``(i) responds to an information request through the toll-free number within 3 business days after receiving the request; and ``(ii) facilitates the provision of such information to the person who initiated the request. ``(h) Enforcement.-- ``(1) Actions by states.-- ``(A) In general.--In any case in which the attorney general of a State has reason to believe that an interest of the residents of that State has been, or is threatened to be, adversely affected by a violation of this section by any business entity, the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction-- ``(i) to enjoin that practice; ``(ii) to enforce compliance of this section; ``(iii) to obtain damages-- ``(I) in the sum of actual damages, restitution, and other compensation on behalf of the residents of the State; and ``(II) punitive damages, if the violation is willful or intentional; and ``(iv) to obtain such other equitable relief as the court may consider to be appropriate. ``(B) Notice.--Before bringing an action under subparagraph (A), the attorney general of the State involved shall provide to the Attorney General of the United States-- ``(i) written notice of the action; and ``(ii) a copy of the complaint for the action. ``(C) Affirmative defense.--In any civil action brought to enforce this section, it is an affirmative defense (which the defendant must establish by a preponderance of the evidence) for a business entity to file an affidavit or answer stating that-- ``(i) the business entity has made a reasonably diligent search of its available business records; and ``(ii) the records requested under this section do not exist or are not available. ``(2) No private right of action.--Nothing in this section shall be construed to provide a private right of action or claim for relief. ``(3) Intervention.-- ``(A) In general.--On receiving notice of an action under paragraph (1)(B), the Attorney General of the United States shall have the right to intervene in that action. ``(B) Effect of intervention.--If the Attorney General of the United States intervenes in an action under this subsection, the Attorney General shall have the right to be heard with respect to any matter that arises in that action. ``(C) Service of process.--Upon request of the Attorney General of the United States, the attorney general of a State that has filed an action under this subsection shall, pursuant to Rule 4(d)(4) of the Federal Rules of Civil Procedure, serve the Government with-- ``(i) a copy of the complaint; and ``(ii) written disclosure of substantially all material evidence and information in the possession of the attorney general of the State. ``(D) Rule of construction.--For purposes of bringing any civil action under this subsection, nothing in this section shall be construed to prevent an attorney general of a State from exercising the powers conferred on such attorney general by the laws of that State-- ``(i) to conduct investigations; ``(ii) to administer oaths or affirmations; or ``(iii) to compel the attendance of witnesses or the production of documentary and other evidence. ``(4) Actions by the attorney general of the united states.--In any case in which an action is instituted by or on behalf of the Attorney General of the United States for a violation of this section, no State may, during the pendency of that action, institute an action under this subsection against any defendant named in the complaint in that action for violation of that practice.''. (b) Clerical Amendment.--The table of sections at the beginning of chapter 47 of title 18, United States Code, is amended by inserting after the item relating to section 1028 the following new item: ``1028A. Treatment of identity theft mitigation.''. SEC. 4. AMENDMENTS TO THE FAIR CREDIT REPORTING ACT. (a) Consumer Reporting Agency Blocking of Information Resulting From Identity Theft.--Section 611 of the Fair Credit Reporting Act (15 U.S.C. 1681i) is amended by adding at the end the following new subsection: ``(e) Block of Information Resulting From Identity Theft.-- ``(1) Block.--Except as provided in paragraph (3) and not later than 30 days after the date of receipt of proof of the identity of a consumer and an official copy of a police report evidencing the claim of the consumer of identity theft, a consumer reporting agency shall block the reporting of any information identified by the consumer in the file of the consumer resulting from the identity theft, so that the information cannot be reported. ``(2) Notification.--A consumer reporting agency shall promptly notify the furnisher of information identified by the consumer under paragraph (1)-- ``(A) that the information may be a result of identity theft; ``(B) that a police report has been filed; ``(C) that a block has been requested under this subsection; and ``(D) of the effective date of the block. ``(3) Authority to decline or rescind.-- ``(A) In general.--a consumer reporting agency may decline to block, or may rescind any block, of consumer information under this subsection if ``(i) in the exercise of good faith and reasonable judgment, the consumer reporting agency finds that ``(I) the information was blocked due to a misrepresentation of fact by the consumer relevant to the request to block; or ``(II) the consumer knowingly obtained possession of goods, services, or moneys as a result of the blocked transaction or transactions, or the consumer should have known that the consumer obtained possession of goods, services, or moneys as a result of the blocked transaction or transactions; or ``(ii) the consumer agrees that the blocked information or portions of the blocked information were blocked in error. ``(B) Notification to consumer.--If the block of information is declined or rescinded under this paragraph, the affected consumer shall be notified promptly, in the same manner as consumers are notified of the reinsertion of information under subsection (a)(5)(B). ``(C) Significance of block.--For purposes of this paragraph, if a consumer reporting agency rescinds a block, the presence of information in the file of a consumer prior to the blocking of such information is not evidence of whether the consumer knew or should have known that the consumer obtained possession of any goods, services, or monies as a result of the block. ``(4) Exceptions.--A consumer reporting agency shall not be required to comply with this subsection when such agency is issuing information for authorizations, for the purpose of approving or processing negotiable instruments, electronic funds transfers, or similar methods of payment, based solely on negative information, including-- ``(A) dishonored checks; ``(B) accounts closed for cause; ``(C) substantial overdrafts; ``(D) abuse of automated teller machines; or ``(E) other information which indicates a risk of fraud occurring. ''. (b) False Claims.--Section 1028 of title 18, United States Code, is amended by adding at the end the following: ``(j) Any person who knowingly claims falsely to be a victim of identity theft for the purpose of obtaining the blocking of information by a consumer reporting agency under section 611(e)(1) of the Fair Credit Reporting Act (15 U.S.C. 1681i(e)(1)) shall be fined under this title, imprisoned not more than 3 years, or both.''. (c) Statute of Limitations.--Section 618 of the Fair Credit Reporting Act (15 U.S.C. 1681p) is amended to read as follows: ``SEC. 618. JURISDICTION OF COURTS AND LIMITATION OF ACTIONS. ``(a) In General.--Except as provided in subsections (b) and (c), an action to enforce any liability created under this title may be brought in any appropriate United States district court without regard to the amount in controversy, or in any other court of competent jurisdiction, not later than 2 years from the date of a violation of any requirement under this title. ``(b) Willful Misrepresentation.--In any case in which the defendant has materially and willfully misrepresented any information required to be disclosed to an individual under this title, and the information misrepresented is material to the establishment of the liability of the defendant to that individual under this title, an action to enforce a liability created under this title may be brought at any time within 2 years after the date of discovery by the individual of the misrepresentation. ``(c) Identity Theft.--An action to enforce a liability created under this title may be brought not later than 5 years after the date of a violation if-- ``(1) the plaintiff is the victim of an identity theft; or ``(2) the plaintiff-- ``(A) has reasonable grounds to believe that the plaintiff is the victim of an identity theft; and ``(B) has not materially and willfully misrepresented such a claim.''. SEC. 5. COORDINATING COMMITTEE STUDY OF COORDINATION BETWEEN FEDERAL, STATE, AND LOCAL AUTHORITIES IN ENFORCING IDENTITY THEFT LAWS. (a) Membership and Term.--Section 2 of the Internet False Identification Prevention Act of 2000 (18 U.S.C. 1028 note) is amended-- (1) in subsection (b), by striking ``and the Commissioner of Immigration and Naturalization'' and inserting ``the Commissioner of Immigration and Naturalization, the Chairman of the Federal Trade Commission, the Postmaster General, and the Commissioner of the United States Customs Service,''; and (2) in subsection (c), by striking ``2 years'' and inserting ``6 years''. (b) Consultation.--Section 2 of the Internet False Identification Prevention Act of 2000 (18 U.S.C. 1028 note) is amended-- (1) by redesignating subsection (d) as subsection (e); and (2) by inserting after subsection (c) the following new subsection: ``(d) Consultation.--In discharging its duties, the coordinating committee shall consult with interested parties, including State and local law enforcement agencies, State attorneys general, representatives of business entities (as that term is defined in section 4 of the Identity Theft Victims Assistance Act of 2002), including telecommunications and utility companies, and organizations representing consumers.''. (c) Report Distribution and Contents.--Section 2(e) of the Internet False Identification Prevention Act of 2000 (18 U.S.C. 1028 note) (as redesignated by subsection (b) of this section) is amended-- (1) by amending paragraph (1) to read as follows: ``(1) In general.--The Attorney General and the Secretary of the Treasury, at the end of each year of the existence of the coordinating committee, shall report on the activities of the coordinating committee to the Congress.''; (2) in subparagraph (E), by striking ``and'' at the end; and (3) by striking subparagraph (F) and inserting the following: ``(F) a comprehensive description of Federal assistance provided to State and local law enforcement agencies to address identity theft; ``(G) a comprehensive description of coordination activities between Federal, State, and local law enforcement agencies that address identity theft; ``(H) a comprehensive description of how the Federal Government can best provide State and local law enforcement agencies with timely and current information regarding terrorists or terrorist activity where such information specifically relates to identity theft; and ``(I) recommendations in the discretion of the president, if any, for legislative or administrative changes that would-- ``(i) facilitate more effective investigation and prosecution of cases involving-- ``(I) identity theft; and ``(II) the creation and distribution of false identification documents; ``(i) improve the effectiveness of Federal assistance to State and local law enforcement agencies and coordination between Federal, State, and local law enforcement agencies; and ``(ii) simplify efforts by a person necessary to rectify the harm that results from the theft of the identity of such person.''. <all>