Credit Repair Law – When Ever Identity Theft Strikes

Credit repair law is usually a highly important topic for most individuals to be aware of, specially those who have happen to be victimized via identity theft. Identity theft is actually a crime in which just one person or even a team of people steal some other individual’s identification for their very own financial gain. These people might get out loans in this individual’s name and / or steal significant data files off their particular pc. Identity theft is definitely a terrifying crime as well as it happens all around the entire world.

Men and women seriously need to figure out just how problematic a crime this specific is, and also if you’re at any time made a victim of identity theft you’re going to need to understand regarding credit repair law. Credit repair law is usually the law referred to which will requires precisely what happens to the perpetrator and victim of the particular crime. It determines exactly what happens to the criminal of the crime and even the victim. You might want to get started with the help of a credit repair specialist, a pro who’s going to be able to appropriately assess your current situation.

Recently there will be a very few things you could do on your own that may help you restore your credit score. This is going to take time for the reason that unfortunately there is no miraculous spell which may get it back quickly for you. Specially considering a few victims of identity theft have been taken for thousands and thousands of bucks, this particular can be some thing that you’re going to need to work at. Just ensure that you communicate to each and every one of your debtors.

You would like to let them know that you’re a victim of identity theft as well as that the particular financial debt racked up was definitely not even by you. Even while you are still going to owe this money, at least they are much more likely to be lenient with you if these people know that you just have really been a victim of this sort of a horrible criminal offenses. They will be going to be much more lenient and understanding if ever they will know you’ve been a victim of this nasty criminal offense. Debt consolidation loans can even be very helpful, to get all your debtors paid off after which you only have a unique credit to be concerned about each and every 30 days.

This loan will take on just about all of all the various debts you owe and consolidate all of them down into a single loan. This can be incredibly difficult to have to go through however at least you realize you can certainly restore your credit scores and finally have got it back wherever it had been to begin with. Then you will be able to focus much more on your financial situation and also making sure that you’re promptly with payments. Its essential to possess good credit and even immediately after going through a horrifying criminal offense like identity theft you have to have to try and so get back again on good track.

Hawaii Law Briefing – Hawaii Security Breach Law and Identity Theft Notification

Identity theft is one of the fastest growing crimes committed throughout the United States. Criminals who steal personal information use the information to open credit card accounts, write bad checks, buy cars, and commit other financial crimes with other people’s identities.

Hawaii has the sixth worst record of identity theft in the nation, according to a 2007 report.

I. Hawaii’s Security Breach Law

Identity theft in Hawaii has resulted in significant losses to both businesses and consumers. This epidemic motivated the Hawaii legislature in 2006 to pass several bills whose purpose is to provide increased protection to Hawaii residents from identity theft:

Act 135: Requires businesses and government agencies that keep confidential information about consumers to notify those consumers if that information has been compromised by an unauthorized disclosure;

Act 136: Requires reasonable measures to protect against unauthorized access to personal information to be taken when disposing of records;

Act 137: Restricts businesses and government agencies from disclosing/requiring social security numbers to/from the public;

Act 138: Permits consumer who has been the victim of identity theft to place a security freeze on their credit report;

Act 139: Intentional or knowing possession without authorization of confidential personal information is a class C felony.

Together, the bills signed into law by Governor Linda Lingle as HRS Chapter 487R impose obligations on businesses in Hawaii to notify residents whenever their personal information maintained by the business has been compromised by unauthorized disclosure.

HRS Chapter 487R does not cover financial institutions subject to the Federal Interagency Guidance on Response Programs for Unauthorized Access to Consumer Information and Customer Notice, or Health plans and providers subject to HIPAA.

The underlying policy behind HRS Chapter 487R is that prompt notification will help potential victims to act against identity theft by initiating steps to monitor their credit reputation. Thus, it is critical that any business subject to HRS Chapter 487R audit the manner in which confidential personal information is maintained and have a security breach team prepared to comply with the notice obligations and effectively deal with any breach of personal information.

II. Security Breach

HRS 487R imposes obligations on the part of Hawaii businesses to notify an individual whenever the individual’s personal information that is maintained by the business has been compromised by unauthorized disclosure and to do so in a timely manner.

Under the statute, “Personal Information” consists of an individual’s first name or first initial AND last name in combination with any one or more of the following data elements, when either the name OR the data elements are not encrypted: Social Security Number, driver’s license or Hawaii Identification Number; or an account number, credit or debit card number, or password that would permit access to an individual’s financial account.

The personal information is protected if on a “record.” A “record” is any material on which written, drawn, spoken, visual, or electromagnetic information is recorded or preserved, regardless of physical form or characteristics. Thus, a “record” can be in digital form or on a paper document, which differs significantly from other states that might cover only digital information.

The notice obligations are triggered when a “security breach” occurs. A “security breach” is defined as an incident of unauthorized access to AND acquisition of unencrypted or unredacted records of data containing personal information, where illegal use of the personal information has occurred, OR is reasonably likely to occur; AND that creates a risk of harm to a person. As the definition indicates many times it is difficult to determine whether information has been “acquired” or to the extent that a “risk of harm” exists.

Several states, including Alabama, Connecticut, Delaware, and Florida have devised a risk of harm exception. Such exception generally relieves the business from the notice obligation requirement after consultation with law enforcement. Since Hawaii law has no such exception most incidents of unencrypted/unredacted theft or loss of records containing personal information should carry the presumption that illegal use is likely to occur and a risk of harm. In addition, even if a statutory obligation does not arise other legal obligations may exist with respect to the theft or loss.

III. Notification Obligations

To the extent a security breach has occurred, and personal information has been compromised, the business must satisfy the notification obligations imposed by HRS Chapter 487R. Form notices are made part of this article for educational purposes only. The notice obligations must be satisfied without “unreasonable delay.” The only exception would be if a law enforcement agency informs the business in writing that notification may impede a criminal investigation or jeopardize national security. Once it has been determined that the notice will no longer impede the investigation, the notice must be promptly provided.

Under HRS Chapter 487R, the business must notify the resident (and the Office of Consumer Protection/credit reporting agencies where notice has been provided to 1,000 persons).
The notice must be given to the last available address. The notice may be sent to the resident’s email address only if the person has “opted in” to receive notices in that manner. Direct telephonic notice may be given under the statute, but generally is not the recommended way to notify the resident given the potential legal risk with such form of communication.

Under the statute, “substitute notice” may be provided where the costs to provide if the business can demonstrate that the cost of providing notice would exceed $100,000 or that the affected class of subject persons to be notified exceeds two hundred thousand, or if the business does not have sufficient contact information or is unable to identify particular affected persons.

Substitute notice shall consist of emailing the person when the email address is known, the conspicuous posting of a notice on the website maintained by the business, and notification of the security breach to major statewide media.

IV. Penalties

Statutory penalties can be significant. However, government agencies are exempt from statutory penalties under HRS ยง 487R-3. Under the law, businesses can be fined not more than $2,500 for each violation. Such penalty can add up quickly where hundreds or even thousands of Hawaii residents are not informed that their personal information has been compromised.

In addition, a court may impose an injunction on the business and the business may be liable for actual damages and attorneys’ fees.

V. Final Word

Hawaii and other states have taken significant steps to combat the growing epidemic of identity theft. It is important that both Hawaii businesses and employers, and consumers take reasonable steps to protect their interests and reputations.

For Hawaii employers and businesses:

o Enter into agreements imposing obligations on third-party companies to handle sensitive and personal information of your employees and customers in a reasonable manner and to report security breaches immediately;

o Ensure reasonable administrative, physical, and technical safeguards are placed over the personal information handled both the third-party company and internally;

o Periodically have the IT department conduct a risk analysis over electronically-stored information and computer network systems of the company;

o Have IT draft and periodically review comprehensive security procedures to limit vulnerability of the company’s systems and a plan of action;

o Train and retrain employees on privacy policies;

o Ensure company employees collect only the minimum amount of information necessary to accomplish the business purpose.

For consumers:

o Ask your employer, doctor, bank, etc., what steps are taken to protect against misappropriation of private information;

o Treat your mail and trash carefully; use cross cut shredders;

o Use locked mailboxes;

o Keep private information kept in your home hidden and secure;

o Don’t give out private information over the phone;

o Use care when using your computer; create strong passwords;

o Use common sense and stay alert (for example, write to your creditor as soon as you believe you have not timely received a billing statement);

o File a police report and obtain the police report number when you learn that your personal information has been compromised and close accounts, e.g., credit card, bank accounts, etc.;

o Follow up with law enforcement in writing and maintain a file; dispute bad checks written directly with merchants;

o Place a fraud alert/freeze on your credit files (Equifax, Experian or Transunion);

o Periodically obtain your credit report and look it over carefully; note inquiries from companies you did not contact, accounts you did not open, debts you cannot explain and report such information immediately to law enforcement.

SAMPLE LETTER 1

Data Acquired: Account Number, Credit Card or Debit Number, Access Code or Password that would permit access to Individual’s Financial Account

Dear

We are writing to you because of a recent security incident at [name of organization].
[Describe what happened in general terms, what type of personal information was involved, and what you are doing in response, including acts to protect further unauthorized access.]

To protect yourself from the possibility of identity theft, we recommend that you immediately contact [credit card or financial account issuer] at [phone number] and tell them that your account may have been compromised. Continue to monitor your account statements.

If you want to open a new account, ask [name of account insurer] to give you a PIN or password. This will help control access to the account.

To further protect yourself, we recommend that you review your credit reports at least every three months for at least the next year. Just call any one of the three credit reporting agencies at a number below. Ask for instructions on how to get a free copy of your credit report from each.

Experian Equifax TransUnion
888-397-3742 888-766-0008 800-680-7289

For more information on identity theft, we suggest that you visit the Web site of the Hawai’i Department of Commerce and Consumer Affairs at ______________ [or the Federal Trade Commission at ___________________]. If there is anything [name of your organization] can do to assist you, please call [toll-free (if phone number].

[Closing]

SAMPLE LETTER 2

Data Acquired: Driver’s License or Hawai’i Identification Card Number

Dear

We are writing to you because of a recent security incident at [name qt. organization].
[Describe what happened in general terms, what kind of personal information was involved, and what you are doing in response, including acts to protect further unauthorized access.]

Since your Driver’s License [or Hawai’i Identification Card] number was involved, we recommend that you immediately contact your local DMV office to report the theft. Ask them to put a fraud alert on your license.

To further protect yourself, we recommend that you place a fraud alert on your credit files. A fraud alert lets creditors know to contact you before opening new accounts. Just call any one of the three credit reporting agencies at a number below. This will let you automatically place fraud alerts with all of the agencies. You will then receive letters from ail of them, with instructions on how to get a free copy of your credit report from each.

Experian Equifax Trans-Union
888-397-3742 888-766-0008 800-680-7289

When you receive your credit reports, look them over carefully. Look for accounts you did not open. Look for inquiries from creditors that you did not initiate and look for personal information, such as home address and Social Security number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.

If you do find suspicious activity on your credit reports, call local law enforcement and file a report of identity theft. [Or, if appropriate, give contact number for law enforcement agency investigating the incident for you.] Get a copy of the police report. You may need to give copies to creditors to clear up your records.

Even if you do not find any signs of fraud on your reports, we recommend that you check your credit reports at least every three months for at least the next year. Just call one of the numbers above to order your reports and keep the fraud alert in place.

For more information on identity theft, we suggest that you visit the Web site of the Hawai’i Department of Commerce and Consumer Affairs at _________________ [or the Federal Trade Commission at __________________]. If there is anything [name of your organization] can do to assist you, please call [toll free (if possible) phone number].

[Closing]

SAMPLE LETTER 3

Data Acquired: Social Security Number

Dear

We are writing to you because of a recent security incident at [name of organization]. [Describe what happened in general terms, what kind of personal information was involved, and what you are doing in response, including acts to protect further unauthorized access.]

To protect yourself from the possibility of identity theft, we recommend that you place a fraud alert on your credit files. A fraud alert lets creditors know to contact you before opening new accounts. Just call any one of the three credit reporting agencies at a number below. This will let you automatically place fraud alerts with all of the agencies. You will then receive letters from all of them, with instructions on how to get a free copy of your credit report from each.

Experian Equifax TransUnion
888-397-3742 888-766-0008 800-680-7289

When you receive your credit reports, look them over carefully. Look for accounts you did not open. Look for inquiries from creditors that you did not initiate and look for personal information, such as home address and Social Security number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.

If you do find suspicious activity on your credit reports, call local law enforcement and file a police report of identity theft. [Or, if appropriate, give contact number fur law enforcement agency investigating the incident, for you.] Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records.

Even if you do not find any signs of fraud on your reports, we recommend that you check your credit reports at least every three months for at least the next year. Just call one of the numbers above to order your reports and keep the fraud alert in place.

For more information on identity theft, we suggest that you visit the Web site of the Hawai’i Department of Commerce and Consumer Affairs at ____________ [or the Federal Trade Commission at ______________]. If there is anything [name of your organization] can do to assist you, please call [toll-free (if possible) phone number].

[Closing]

Search Results

Search Results

The New Identity Theft Law – Will it Work?

Identity theft is now a pandemic, and a scourge for its victims. Is the federal government finally ready to fight back? The Identity Theft and Restitution Act of 2008 was signed into law by President Bush. The new law is supposed to make it easier for the government to convict those charged with pursuing computerized identity theft. Supporters tout this legislation as allowing federal prosecutors to be more aggressive in cracking down on identity theft cyber crime. But will it work to protect millions of future victims? The new law provides for the following:

1. Discarding the requirement that damage to a victim’s computer exceed $5,000 over a one year period before charges can be asserted for unauthorized access to a computer.

2. Eliminating the interstate jurisdictional requirement, thus allowing prosecution of those who steal personal information from a computer, even when the victim’s computer is located in the same state as the thief’s computer.

3. Allowing victims of identity theft to seek restitution for an amount equal to the value of the time reasonably spent to fix their problems.

4. Adding the charge of a conspiracy to commit cyber crimes. (The prior law only allowed for charges related to the actual crime, and made no provisions for conspiracy to commit the underlying charge.)

5. Adding the remedies of civil and criminal forfeiture to better allow federal prosecutors to combat cyber crime. Individuals found guilty of violating the act can be forced to forfeit both property used in commission of the cyber crime, as well as property obtained from any proceeds gained from the cyber crime.

6. Making it a felony to electronically damage ten or more computers no matter the value of the damage caused.

7. Making it a crime to threaten to steal or release information from an individual’s computer. (Prior law only permitted the prosecution of those who seek to extort companies or government agencies by explicitly threatening to shut down or damage a computer.)

It is intended that the new law will allow federal prosecutors to be much more aggressive in prosecuting identity theft criminals. Elimination of both the $5,000 damage requirement and the interstate jurisdictional requirement should make it easier for prosecutors to bring charges. But will it really help? The federal government has tried to keep up with identity theft for years with few results. If the feds are truly interested in stamping out the pandemic, it is with the enforcement of the laws, and not just new laws, that will turn the tide. Still, there are encouraging signs that a wide ranging effort is being made. The IRS is helping out by allowing in this next year all but the last four digits of taxpayer ID numbers to be blocked out on 1099’s, W-2s, and other informational returns. There is privacy in that move.