Identity Theft: How It Might Affect Your Business

By Donna Ray Chmura and Mark O. Costley

Identity theft occurs when someone uses your personal information without your permission to commit fraud or other crimes. Until recently, victims of identity theft had little legal recourse against the perpetrators and faced bureaucratic nightmares in repairing their credit and reputations.

On Sept. 21, 2005, North Carolina passed the Identity Theft Protection Act of 2005, ("ITPA" or "the Act"), one of the most stringent and far-reaching identity theft laws in the nation. The act regulates the treatment and storage of personal information, to help prevent third parties from using the personal information of others for their own gain.

To prevent unauthorized disclosure of personal information, ITPA imposes three relevant new burdens upon businesses. These rules apply to all forms of personal information, from paper files to computer files.

First, businesses must notify consumers in the event of a security breach of a consumer's personal information unless the personal information has been encrypted or redacted in a manner that renders the information unusable or unreadable to third parties. Second, the Act generally prohibits businesses from disclosing a consumer's Social Security number ("SSN"). This prohibition is relevant to all facets of a business - from employee records to customer databases to the distribution of paychecks. Third, businesses must develop and implement a policy to destroy records containing personal information or contract with a third party in the business of destroying personal records.

The penalties for noncompliance with ITPA can be severe. Lawsuits brought by the attorney general can result in statutory damages of up to $5,000 per violation - even without any showing of injury to a consumer - if a business knowingly commits a violation of ITPA. Private lawsuits brought by consumers may result in treble damages and attorneys' fees upon a showing of actual injury. The prospect of class action lawsuits is real.

"Personal information" is defined as (1) a consumer's first name or first initial and last name and (2) one or more of the following:

  • Social Security or employer identification number
  • Driver's license, passport, or state identification number
  • Checking or savings account number
  • Credit or debit card number
  • Personal identification number (PIN)
  • Digital signatures
  • Biometric data
  • Fingerprints
  • Passwords
  • Parent's last name prior to marriage
  • Electronic information numbers or e-mail names or addresses, Internet account numbers, or Internet identification names Any other number or information that can be used to access a person's financial resources.

    • For more information on how this law affects your business, please contact Bill Lambe or Donna Chmura at (919) 493-8411.

    Copyright 2005 Walker, Lambe, Rhudy & Costley, P.L.L.C


    Archive
  • What Is a Trademark?

    • © 2008 Walker, Lambe, Rhudy & Costley, PLLC

    240 Leigh Farm Road, Suite 100, Durham, NC 27707 ♦ 102 Market Street, Suite 105, Chapel Hill, NC 27516
    P.O. Box 51549, Durham, NC 27717-1549

    Durham Phone: (919) 493-8411 ♦ Chapel Hill Phone: (919) 967-3889
    Disclaimer

    Web Template created with Artisteer.