Sara R. Paul, Reference Librarian, New York City District Attorney’s Office
Identity theft is an increasingly common crime in which a criminal obtains a victim’s Personal Identifying Information (PII) to commit fraud or other crimes. The daily news is full of these stories, ranging from anecdotal tales of an individuals’ stolen identity to lapses in security surrounding sensitive consumer data.
Researching the topic can be a daunting task. Indeed, the recent proliferation of materials, along with the fact that case law is growing exponentially, means that there is a rather large body of literature. In addition, the actual act of identity theft is dynamic and constantly evolving, thus any technical materials are being continually revised.
The following bibliography outlines the pertinent federal statutes and resources for researching Identity Theft. Included is a list of newsletters and blogs that can be used to keep abreast of new developments, such as a bill introduction or a major security breach.
- I. Federal Statutes
- A. Identity Theft Statutes
- B. False Identification Statutes
- C. Statutes Governing Privacy and the Use of Personal Data
- D. Federal Credit Laws
- II. Sources for Further Research
- A. Legal Reference Materials
- B. Select Treaties
- C. Websites
- D. Resources for Keeping Current
- III. Topical List of Selected Articles and Publications
- A. Identity Theft in General
- B. Phishing and Other Forms of Cyber ID Theft
- C. Credit Law and Credit Bureaus
- D. Data Brokers and Breach of Security
- E. Resources for Law Enforcement
- F. Civil Liability and Risk Management
A wide range of federal laws relate to identity theft. Laws can be grouped into four main categories: Identity theft specific laws, false identification laws, privacy and personal data laws, and credit law. Identity theft specific laws are those that were designed and enacted to criminalize the act of identity theft. False Identification laws deal specifically with fraud in connection with personal identifying documents. Privacy and personal data laws can help prevent identity theft by regulating how personal identifying information (PII) is collected and disseminated. Laws regarding credit directly impact victims of identity theft, as those individuals must restore their credit ratings and limit their liability for unauthorized debts. In particular, the following statutes are frequently cited in the literature regarding identity theft.
1. Identity Theft and Assumption Deterrence Act of 1998
Enacted H.R. 4151, October 30, 1998
112 Sat. 3007, codified at 18 U.S.C § 1028
- The Identity Theft and Assumption Deterrence Act of 1998 was the first piece of federal legislation to deal directly with identity theft. For the first time, ID Theft became a named federal crime, making it somewhat easier for law enforcement to prosecute. The Act established the Federal Trade Commission (FTC) as the government entity charged with establishing “procedures to … log and acknowledge the receipt of complaints by individuals”, as well as educate and assist potential victims. The term “means of identification” is described as a person’s “name, social security number, date of birth, official State or government issued driver’s license or identification number, alien registration number, government passport number, employer or taxpayer identification number.” (18 U.S.C. § 1028(d)(7)). The U.S. Sentencing Commission is directed to incorporate the crime of ID theft into the United States Sentencing Guidelines Manual (United States Sentencing Commission, Identity Theft: Final Report)
2. Identity Theft Penalty Enhancement Act
Enacted H.R. 1731 / S.153, July 15, 2004
118 Stat. 831, Added 18 U.S.C. § 1028A
- The Identity Theft Penalty Enhancement Act, passed in July 2004, established penalties for aggravated identity theft. This includes instances when identity theft has been used as one step in a process of more serious crimes, such as terrorist acts, immigration violations, and firearms offenses. The Act directs the U.S. Sentencing Commission to amend the Federal sentencing guidelines so that individuals who gain access to the information used to commit identity theft at their place of employment face increased penalties. The amendments set fourth by the United States Sentencing Commission, implementing sections 2 and 5 of the Identity Theft Penalty Enhancement Act were published in the May 11, 2005 Federal Register. The Fair and Accurate Credit Transactions Act of 2003.
3. The Fair and Accurate Credit Transactions Act of 2003
Enacted H.R. 2622 / S. 1753, December 4, 2003
117 Stat. 1952, U.S.C. § 1681 et seq.
- Section 5 of the Fair and Accurate Credit Transactions Act (FACTA), an amendment to the Fair Credit Reporting Act, specifically addresses identity theft and related consumer issues. Victims of identity theft are granted the ability to work with creditors and credit bureaus to remove negative information in their credit report resulting from identity theft. FACTA also created requirements to prevent identity theft, such as requiring merchants to truncate credit card numbers on receipts, and enabling consumers to request that a credit bureau truncate their Social Security number when disclosing their credit report (15 U.S.C. § 1681g(a)(1)(A)). Individuals can also order a copy of their credit report free of charge once every year (15 U.S.C. § 1681j). In an effort to give credit bureaus time to comply with these new regulations, the FTC created a rolling effective date, based on the state of the consumer’s residence (Effective Dates for the Fair and Accurate Credit Transactions Act of 2003, 16 CFR Part 602). FACTA also enabled consumers to place three different types of fraud alerts intended to stop credit grantors from opening any new accounts. An individual who suspects they are, or are about to become, the victim of ID theft, can place an “initial alert” in their file. If an individual has been a victim of ID theft, and has filed report with a law enforcement agency, they can then request an “extended alert.” After an extended alert is activated, it will stay in place for seven years, and the victim may order two free credit reports within 12 months. For the next five years, credit agencies must exclude the consumer’s name from lists used to make pre-screened credit or insurance offers. Finally, military officials are enabled to place an “active duty alert” when they are on active duty or assigned to service away from the usual duty station (15 U.S.C. § 1681c-1).
B. False Identification Statutes
1. False Identification Crime Control Act of 1982
H.R. 6946, December 31, 1982
96 Stat. 2009, Added 18 U.S.C § 1028 & 18 U.S.C. § 1738
- The False Identification Crime Control Act of 1982 was passed to prohibit fraud in connection with identification documents. The act added two new statutes, “Fraud and related activity in connection with identification documents” (18 U.S.C. § 1028) and “Mailing private identification documents without a disclaimer” (18 U.S.C. § 1738, since repealed by P.L. 106-578). Violators face fines and/or imprisonment for producing or transferring an identification document known it to be false or stolen. The Act also prohibited producing, transferring, or possessing a document-making device with the intent to produce false identification documents. However, the usage of the word “document” indicated that a defendant would have to actually possess the physical identification.
2. Internet False Identification Act of 2000
Enacted S. 2924, December 28, 2000
114 Stat. 3075, Codified at 18 U.S.C 1001, 1028
- The Internet False Identification Act of 2000 amended the False Identification Crime Control Act of 1982 to encompass computer-aided false identity crimes. Essentially, the Act expanded the scope of the fraudulent identification document crime to include document transfer by electronic means. Indeed, one of the main goals of the act was to end the distribution of counterfeit identification documents over the web. According to the FDIC, the Act closed “a loophole left by the ID Theft Act, [enabling] law enforcement agencies to pursue those who formerly could sell counterfeit social security cards legally by maintaining the fiction that such cards were “novelties” rather than counterfeit documents” (Putting an End to Account-Hijacking Identity Theft, FDIC). As a result, the statute now accounts for computer-facilitated crimes of false identity and prohibits the possession, production, or transfer of false identification documents or identification documents that were not legally issued to the possessor (18 U.S.C. §§1028 (a)(1), (2)). It also prohibits the production, transfer, or possession of any “document making implement” that is intended for use manufacturing false identification documents (18 U.S.C. §§1028 (a)(5)).
C. Statutes Governing Privacy and the Use of Personal Data
1. Privacy Act of 1971
Enacted S.3418, December 31, 1974
88 Stat. 1896, Codified 5 U.S.C. § 552a
- The 1974 Privacy Act was implemented to give individuals more control over the government’s collection and use of personal identifying information. Under the act a government agency can collect only information that is relevant and necessary to accomplish the particular agency functions (5 U.S.C. § 552a(e)(1)). Federal agencies are also limited in the extent to which they can disclose records. An individual must consent in writing, a court order must be placed, or the disclosure must fall within one of the exceptions provided in the statute. Regarding the usage of social security numbers as an identifier, the Privacy Act requires any federal, state or local government agency to tell you if the number is required, what will be done with it, and what will happen if you refuse to provide it (U.S.C. § 552a). The Privacy Act failed to address personal information collected by private parties, such as data brokers, collection agencies or consumer credit groups.
2. Drivers Privacy Protection Act of 1994
P.L. 103-322 (Title XXX), amended by 106-69
Enacted, as amendment to H.R. 3355, September 13, 1994
108 Stat. 2099, 18 U.S.C. §§ 2721-2725
- Congress passed the Driver’s Privacy Protection Act (DPPA) as an amendment to the Omnibus Crime Act of 1994. Prior to passage of the DPPA, anyone could pay a couple dollars, and obtain a driver’s full name, address, birth date and license number. The DPPA limited the use of a driver’s motor vehicle record to certain purposes (18 U.S.C. § 2721). Essentially the act was passed to make it more difficult to obtain an individual’s PII. After being challenged by a South Carolina court alleging that the Act violated principles of federalism, the Supreme Court upheld the constitutionality of the Drivers Privacy Protection Act under Congress’s authority to regulate interstate commerce within the Commerce Clause (Reno v. Condon, 528 U.S. 141 (2000)).
3. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Enacted H.R. 3103, August 21, 1996
110 Stat. 1936, codified 42 U.S.C. 1320
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires healthcare providers and insurers to create and maintain electronic patient records, in order to improve confidentiality and efficiency. The confidentially provisions limit the way doctors, health plans, pharmacies, hospitals and medical providers use patients’ medical information. HIPAA protects “individually identifiable health information,” meaning any data “created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse” relating to a patients physical or mental condition or care (42 U.S.C. § 1320d(4)). HIPAA requires health providers to send a privacy notice that states their policies for sharing individually identifiable health information without consent. Only when a patient gives consent, may a provider disclose individually identifiable health information. In effect, HIPAA implies a duty to disclose security breaches to affected individuals.
4. Gramm-Leach- Bliley Act of 1999
Enacted S. 900, November 12, 1999
113 Stat. 1338, 15 U.S.C. § 6801, et seq.
- The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, provides limited privacy protections against the sale of consumer financial information. The financial privacy provisions of GLBA are located in subchapter 1, “Disclosure of Nonpublic Personal Information” (15 U.S.C. § 6801-6809), and subchapter 2, “Fraudulent Access to Financial Information” (15 U.S.C. § 6821-6827). Both contain specific prohibitions against gathering or disclosing consumer’s financial information under false pretenses. GLBA specifically makes it a crime to obtain customer information by means of false or fraudulent statements to an officer, employee, agent or customer of a financial institution (15 U.S.C.6821, 6823). Gramm-Leach- Bliley instructs eight federal regulatory agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule, to ensure that financial institutions prevent unauthorized disclosure of consumer financial information, including fraudulent access, by implementing appropriate policies, procedures and controls.
5. Social Security Number Confidentiality Act of 2000
Enacted H.R. 3218, November 6, 2000
114 Stat. 1910, 31 U.S.C. § 3327
- The Social Security Confidentially Act of 2000 prohibits displaying social security numbers on unopened checks or other Treasury issued drafts.
1. The Fair Credit Reporting Act
P.L. 91-508 (Title VI § 601)
October 26, 1970
84 Stat. 1128, 15 U.S.C. § 1681 to 1681u
- The Fair Credit Reporting Act (FCRA) regulates consumer reports and consumer reporting agencies (15 U.S.C. § 1681 et seq.). Since the original FCRA’s passage in 1970, various amendments have altered the standards used for the collection and dissemination of credit information. The Consumer Credit Reporting Reform Act of 1996, amended the FCRA to expand the ability of companies to share consumer reports among affiliates if it is clearly disclosed to the consumer, and the consumer has had a chance to opt-out, prior to the actual disclosure. The next major overhaul was the Fair and Accurate Credit Transactions Act of 2003 (see above).
2. Truth in Lending Act
P.L. 90-321 (Title I § 104)
May 29, 1968
82 Stat. 147, 15 U.S.C. § 1601
- The Truth in Lending Act limits liability for fraudulent credit card charges to $50.00, in most situations. It also requires “meaningful disclosure” of key information in any consumer credit transaction (15 U.S.C. § 1601).
3. Electronic Fund Transfer Act
P.L. 95-630 (Title XX § 2001)
November 10, 1978
92 Stat. 3728, 15 U.S.C. § 1693 et seq.
- The Electronic Fund Transfer Act provides a basic framework of the rights, liabilities, and responsibilities of parties involved in making electronic fund transfers. It grants consumers protections when using a credit or debit card for financial transactions (15 U.S.C. §1693).
4. Fair Credit Billing Act
P.L. 93-495 (Title III)
October 28, 1974
88 Stat. 1511, 15 U.S.C § 1666 et seq.
- The Fair Credit Billing Act establishes procedures for resolving billing errors on credit card accounts when the consumer reports such unauthorized activity within certain time frames (15 U.S.C. § 1666)
II. Sources for Further Research
Best, R. A. (2004). Identity Theft: A Legal Research Guide. Buffalo, NY: William S. Hein & Co.
Manz, W. H. (2005). Federal Identity Theft Law: Major Enactments of the 108th Congress. Buffalo, NY: William S. Hein & Co.
Menninger, K. (2005). Identity Theft and Other Misuses of Credit and Debit Cards. American Jurisprudence Proof of Facts 3d, 81:113.
Newton, M. (2004). The Encyclopedia of High-Tech Crime and Crime-Fighting. New York, NY: Checkmark Books.
Fischer, L.R. The Law of Financial Privacy. Austin, TX :A.S. Pratt & Sons.
Law of Internet Security and Privacy. New York, NY: Aspen Law & Business.
Cronin, K.P. & Weikers, R.N. Data Security and Privacy Law: Combating Cyberthreats. St. Paul, Minn: Thomson/West.
Consumer Credit Guide. Chicago, Ill: CCH.
1. Non-Profit Groups
Non-profit organizations produce a large quantity of work on identity theft. Consumer advocates and privacy groups have a special interest in the protection of an individual’s good credit and financial information.
American Association of Retired Persons: Credit and Debit
Call For Action: Identity Theft
Consumers Union: Money: Identity Theft
Electronic Privacy Information Center
Identity Theft Resource Center: A Non- Profit Organization
NCJRS: Identity Theft Spotlight
National Association of Consumer Advocates
Privacy Rights Clearinghouse: Identity theft
Public Interest Research Group (PIRG): Credit Report and Identity Theft
2. Federal Government Agencies
There are 5 main federal non-judicial agencies that have a role in deterring or prosecuting identity theft. Since all five agencies have significant statutory mandate in this area, they maintain websites that contain information for citizens, statistical reports and other materials.
b) Social Security Administration
Identity Theft and Your Social Security Number
National Criminal Justice Reference Service: In the Spotlight: Identity Theft
d) The Department of the Treasury
f) Other Federal Resources
FDIC: Consumer Alerts – Identity Theft
Better Business Bureau: Identity Theft US Department of Education: Reduce Your Risk
Office for Victims of Crimes: Identity Theft
FBI & NWCC: Internet Fraud Complaint Center
National Crime Prevention Council
3. Statutes and Pending Legislation
Identity Theft: A Bibliography of Federal, State, Consumer and News Resources (LLRX)
Identity Theft: State Statutes (National Conference of State Legislatures) Outline of State Consumer Notification Laws (Gibson Dunn) and
Accompanying article, Security Breach Notifications: a State and Federal Law Maze
States Tackle Identity Theft (The Council of State Governments: Eastern Regional Council) States with Security Freeze Laws (Consumers Union) Summary of State Security Freeze and Security Breach Notification Laws (State PIRG)
b) Resources for Tracking Proposed Legislation
Security Breach Bills in the State Legislatures Plus New York City (Virtual Chase) Increased Social Security Number Legislation (National Conference of State Legislature) Financial Privacy Legislation (National Conference of State Legislatures) States with Security Freeze Bills (The Consumers Union)
D. Resources for Keeping Current
1) Free Journals and Newsletters
BNA’s Internet Law News
Crypto-Gram Epic Alert Digital ID World
2 ) Subscription Based Newsletters and Journals
Consumer Credit Report Summary (CCH) Computer Technology Law Report (BNA) E-Commerce Law Daily (BNA) Electronic Commerce & Law Report (BNA) Financial Privacy Law Report Summary (CCH) Mealey’s Privacy Watch (LexisNexis/Mathew Bender) Privacy & American Business (Center for Social & Legal Research) Privacy & Information Law Report (Glasser LegalWorks) Privacy & Security Law Report (BNA) Privacy Law Watch (BNA) Privacy Journal (Robert Ellis Smith) Privacy Times (Evan Hendricks)
3) Blogs & News Sources with RSS Feeds
• beSpacific: ID Theft Archives
Feed URL: http://www.bespacific.com/index.rdf
• The Daily Caveat: An Investigator’s Perspective
Feed URL: http://www.caveat.net/blog/atom.xml
• PI news Link: Articles of Note for the Investigator
Feed URL: http://yourpinews.blogspot.com/atom.xml
• Computerworld: Security Knowledge Center
Feed URL: http://www.computerworld.com/news/xml/0,5000,73,00.xml
• CNET News.com | Security >> Privacy & data protection
Feed URL: http://news.com.com/2547-1_3-0-5.xml
• Consumers Union
Feed URL: http://www.consumersunion.org/index.xml
Consumer Union Weblog, The Scribbler
Feed URL: http://www.consumersunion.org/scribbler/index.rdf
• ConsumerAffairs.com News Service
Feed URL: http://www.consumeraffairs.com/rss/feed.xml
• CIO.com – Cybercrime/Hacking
• Bank Systems & Technology (part of Information Week Media Network)
Feed URL: http://www.financetech.com/rss/all_bt.jhtml
• Emergent Chaos: Musings from Adam Shostack on security, privacy, and economics
Feed URL: http://www.emergentchaos.com/index.rdf
• Gartner Research: Security and Privacy
Feed URL: http://www3.gartner.com/research/focus_areas/rss/asset_48267.xml
• Payments News
Feed URL: http://www.paymentsnews.com/atom.xml
• Privacy.org – The Source for News, Information, and Action
Feed URL: http://www.privacy.org/index.rdf
• The Register: Identity News for the world
Feed URL: http://www.theregister.co.uk/security/identity/headlines.rss
• Secure ID: News and Information on Identification Technology
Feed URL: http://www.secureidnews.com/index.xml
• Slashdot: Security Stories
Feed URL: http://slashdot.org/rss/slashdot.rss
Feed URL: http://www.scamsafe.com/scamsafe/atom.xm l
• The Virtual Chase: Research News
Feed URL: http://www.virtualchase.com/RSSFeeds/tvcalert_rss.xml
• Techdirt: Scams
Feed URL: http://www.techdirt.com/techdirt_rss.xml
• GovTrack.us: Identity Theft
Feed URL: http://www.govtrack.us/congress/subjects.xpd?type=crs&term=Identity%20theft
III. Topical List of Selected Articles and Publications
Allison, S. F. H., Schuck, A. M., & Lersch, K. M. (2005). Exploring the Crime of Identity
Theft: Prevalence, Clearance Rates, and Victim/Offender Characteristics. Journal of Criminal Justice, 33(1), 19.
Gerard, G. J., Hillison, W., & Pacini, C. (2004). Identity Theft: The US Legal Environment
and Organisations Related Responsibilities. Journal of Financial Crime 12(1) 33.
Hayward, C. L. (Ed.). (2004). Identity Theft. Hauppauge, N.Y.: Novinka Books.
Katel, P. (2005). Identity Theft. The CQ Researcher Online, 15(22), 517-540 .
Retrieved 7/1/2005, from http://library.cqpress.com
Lacey, D., & Cuganesan, S. (2004). Colloquium on Identity Theft: The Role of
Organizations in Identity Theft Response: The Organization-Individual Victim
Dynamic. The Journal of Consumer Affairs, 38(2), 244.
Leary, T.B. (2005). Identity Theft and Social Security Numbers. Electronic Banking Law
and Commerce Report 9:10.
Miller, S. F. (2003). Someone Out There is Using Your Name: A Basic Primer on Federal
Identity Theft Law. Federal Lawyer 50(1): 11.
Slosarik, K. (2002). Identity Theft: An Overview of the Problem. Justice Professional
Sovern, J. (2003). The Jewel of Their Souls: Preventing Identity Theft Through Loss Allocation Rules. University of Pittsburgh Law Review, 64:
Stafford, M. R. (2004). Identity Theft: Laws, Crimes, and Victims. The Journal of
Consumer Affairs, 38(2): 201.
Sullivan, B. (2004). Your Evil Twin: Behind the Identity Theft Epidemic. Hoboken, NJ:
John Wiley & Sons.
Towle, H. (2000). Identity Theft: Myths, Methods and New Law. Rutgers Computer
and Technology Law Journal 30: 237.
B. Phishing & Other Forms of Cyber ID Theft
Brenner, S. (2004). U.S. Cybercrime Law: Defining Offenses. Information Systems
Davis, K. (2005). Can You Smell the Phish? Kiplinger’s Personal Finance 59(2): 76-80.
Finch, E. (2003). What a Tangled Web We Weave: Identity Theft and the Internet.
In Y. Jewkes (ed.), Dot.cons: Crime, Deviance, and Identity on the Internet. Cullompton, England: Willan. Retrieved on 7/29/2005 from http://www.popcenter.org/Problems/Supplemental_Material/identity_theft/Finch_2003.pdf
Gomes, L. (2005, Jun 20). Phisher Tales: How Webs of Scammers Pull Off Internet Fraud. The Wall Street Journal B:1.
Gordon-Murnane, L. (2004). Phishing. BNA’s Web Watch. Retrieved on 8/3/2005 from http://www.bna.com/webwatch/phishing.htm
Lynch, J. (2005). Identity Theft in Cyberspace: Crime Control Methods and their Effectiveness in Combating Phishing Attacks. Berkeley Technology Law Journal 20 (1):259.
Rusch, J.J. (2005, Jan). The Compleat Cyber-Angler: A Guide to Phishing.
Computer Fraud and Security 1:4-6.
Sisk, M. (2005). A Phish Story. U.S. Banker. Retrieved on 8/2/2005 from
Smith, M. (2005, Mar 16). Identity Theft: The Internet Connection. Congressional
Research Service. Retrieved on 7/12/05 from http://fpc.state.gov/documents/organization/45263.pdf
C. Credit Law & Credit Bureaus
Consumer Federation of America. (2002). Know Your Score! Retrieved on 7/2/2005
Consumers Union. (2004) How Do I Order My Free Annual Consumer Credit Reports?
Retrieved on 7/2/2005 from http://www.consumersunion.org/creditmatters/creditmattersfactsheets/001624.html
Cassady, A. and Mierzwinski, E. (2004, Jun) Mistakes Do Happen: A Look at Errors in
Consumer Credit Reports. National Association of State PIRGs. Retrieved on
7/1/2005 from http://uspirg.org/reports/MistakesDoHappen2004.pdf
Couch, C.P. (2002). Forcing the Choice between Commerce and Consumers:
Application of the FCRA to Identity Theft. Alabama Law Review 53: 583.
Electronic Privacy Information Center (2004). Credit Scoring. Retrieved on 7/1/2005
Gollinger, J. and Mierzwinski, E. (1998, Mar). Mistakes Do Happen: Credit Report
Errors Mean Consumers Lose. Public Interest Research Group. Retrieved on
7/1/2005 from http://uspirg.org/reports/mistakesdohappen3_98.pdf
Holt, T. J. (2004). The Fair and Accurate Credit Transactions Act: New Tool to Fight
Identity Theft. Business Horizons 47(5): 3.
Linnhoff, S., & Langenderfer, J. (2004). Identity Theft Legislation: The Fair and
Accurate Credit Transactions Act of 2003 and the Road Not Taken. The Journal of Consumer Affairs 38(2): 204.
D. Data Brokers & Breaches of Security
Ackerman, L. and Pierce, D. (2005). Data Aggregators: A Study of Data Quality and
Responsiveness. Privacy Activism. Retrieved on 8/3/2005 from
Brooks, N. (2005). Data Brokers: Background and Industry Overview. Congressional
Research Service. Retrieved on 7/12/05 from http://www.opencrs.com/rpts/RS22137_20050505.pdf
Burcum, J. (2005, Jul 2). For Sale: Your data. The Cincinnati Post. Retrieved on
7/2/2005 from http://news.cincypost.com/apps/pbcs.dll/article?AID=/20050702/BIZ/507020309/1001
ChoicePoint Chronology. Electronic Privacy Information Center. Retrieved on
7/12/05 from http://www.epic.org/privacy/choicepoint/default.html
ChoicePoint Data Security Breach: What It Means for You and How to Find Out
What ChoicePoint Knows about You. (2005, Feb 19). Privacy Rights Clearinghouse. Retrieved on 7/1/2005 from http://www.privacyrights.org/ar/CPResponse.htm
Claburn, T. (2005, Feb 17). Law Requires ChoicePoint To Disclose Fraud.
InformationWeek. Retrieved on 7/1/2005 from http://www.informationweek.com/story/showArticle.jhtml;jsessionid=SP01BJW4XJBX2QSNDBCSKHSCJUMEKJVN?articleID=60401882
Gordon-Murnane, L. (2005). Data Security Breaches and Consumer Notification.
BNA’s Web Watch. Retrieved on 8/3/2005 from http://www.bna.com/webwatch/databreaches.htm
Hildebrand, M. J. & Klosek, J. (2005). Recent Security Breaches Highlight the
Important Role of Data Security in Privacy Compliance Programs. Intellectual Property & Technology Law Journal, 17(5), 20.
Pike, G. H. (2005, May 1). Privacy and the Database Industry. Information Today 22:5.
PriceWaterHouseCoopers. (2005) Identity Theft and security Breach Notifications:
Reporting on Request. Retrieved on 7/20/2005 from
Roth, D. & Mehta, S. (2005). The Great Data Heist: Why Can’t Corporations Keep
Their Customers’ Personal Data Secure? Fortune, 151(10): 66.
Rubin Henderson, B. (2004). Hey, That’s Personal: When Companies Sell Customer
Information Gathered through the Internet. Business Law Today 14:13.
Sahadi, J. (2005, May 9). Your Identity… for Sale. CNN/Money. Retrieved on 7/2/2005
Smith, R.E. (2005, Mar). ChoicePoint: An Ignoble Corporate History. Privacy Journal.
Retrieved on 7/2/2005 from http://www.findarticles.com/p/articles/mi_qa3872/is_200503/ai_n13461335
Swartz, N. (2005). Database Debacles. Information Management Journal, 39(3): 20.
Welborn, A. (2005). Information Brokers: Federal and State Laws. Congressional
Research Service. Retrieved on 7/12/05 from http://www.opencrs.com/rpts/RS22087_20050517.pdf
E. Resources for Law Enforcement
Collins, J. M., & Hoffman, S. K. (2003). Identity Theft First Responder Manual for
Criminal Justice Professionals : Police Officers, Attorneys, and Judges.
Flushing, N.Y.: Looseleaf Law Publications.
Dadisho, E. (2005, Jan.). Identity Theft and the Police Response: The Problem. The
Police Chief, 72:1. Retrieved on 6/30/2005 from http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=493&issue_id=12005
Dadisho, E. (2005, Feb). Identity Theft and the Police Response: Prevention. The
Police Chief, 72:2. Retrieved on 6/30/2005 from http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=510&issue_id=22005
Dadisho, E. (2005, Mar). Identity Theft and the Police Response: The Investigation.
The Police Chief, 72:3. Retrieved on 6/30/2005 from http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=538&issue_id=32005
Dadisho, E. (2005, Apr). Identity Theft and the Police Response: Resources for Police.
The Police Chief, 72:4. Retrieved on 6/30/2005 from http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=567&issue_id=42005
Gayer, J. (2003, May). Policing Privacy: Law Enforcement’s Response to Identity
Theft. California Public Interest Research Group. Retrieved on 7/1/2005 from http://calpirg.org/reports/policingprivacy2003.pdf
Kerley, K.R. & Copes, H. (2002). Personal Fraud Victims and Their Official Responses
to Victimization. Journal of Police and Criminal Psychology, 17(1), 19-35.
Newman, G.R. (2004). Problem Oriented Guides for Police: Identity Theft. U.S.
Department of Justice Office of Community Oriented Policing Services. Retrieved 8/3/2005 from http://www.popcenter.org/Problems/PDFs/Identity%20Theft.pdf
Sharp, T., Shreve-Neiger, A., & Fremouw, W. (2004). Exploring the Psychological and
Somatic Impact of Identity Theft. Journal of Forensic Sciences, 49(1), 131-136.
Schwartz, E. (2005, Mar 7). Cybercrime Crackdown. InfoWorld 27(10): 8.
F. Civil Liability & Risk Management
Baldas, T. (2005, May 12). Identity Thefts Leading to “Fear Factor” Lawsuits.
The Recorder (American Lawyer Media) 129:92.
Banks, J. (2005). Identity Theft Suits Gain Popularity with Plaintiffs: General Counsel
Brace for Increased Liability. Corporate Legal Times, 15: 164.
Fogarty, S. and Ortiz, D. (2002). Stealing the Self: Identity Theft and Restrictions on
Using and Disseminating Personal Identifiers. Markle Foundation Task Force on National Security in the Information Age. Retrieved 7/6/2005 from http://www.markletaskforce.org/documents/ortiz_082102.pdf
Franzén, T.G. and Howell, L. (2001). Financial Privacy Rules: A Step By Step Guide to
the New Disclosure Requirements Under the Gramm-Leach-Bliley Act and the Implementing Regulations. Consumer Financial Law Quarterly Report 55: 17
Gilbert, F., Kennedy, J. B., Schwartz, P. M., & Practising Law Institute. (2004). Fifth
Annual Institute on Privacy Law: New Developments & Compliance Issues in a Security-Conscious World. New York, NY: Practising Law Institute.
Hirsch, R. (2005, Jun 29). Identity Theft Litigation: ChoicePoint and the Future of
Privacy and Security Class Action Lawsuits. Electronic Commerce & Law Report 10 (26): 659-661.
Kelleher, C. (2004). The Basics on FACTA: Learn How this New FTC Rule on Document
Storage and Disposal Could Affect Your Business. Entrepreneur. Retrieved on
7/2/2005 from http://www.entrepreneur.com/article/0,4621,320700,00.html
Lepofsky, R. (2004). Preventing Identity Theft. Risk Management, 51(10): 34.
McKelvey, B. (2001). Financial Institutions’ Duty of Confidentiality to Keep Customer’s
Personal Information Secure from the Threat of Identity Theft. U.C. David Law Review 34:1077.
Murphy, M. (2003). Privacy Protection for Customer Financial Information.
Congressional Research Service. Retrieved on 7/1/2005 from http://www.epic.org/privacy/glba/RS20185.pdf
Oehlers, P. F. (2004). Identity Theft: What You Can Do to Protect Your Clients. Journal
of Financial Service Professionals 58(1): 20.
O’Rourke, M. (2005). Data Security in Crisis. Risk Management 52(5):9.
Tomes, J. P. (2005). Prescription for Data Protection. Security Management 49(4):75.
Wade, J. (2004). Personal Data Liability. Risk Management 51(5): 9.