Identity theft

Background
Identity theft is a form of fraud in which the personally identifiable information of an individual, such as a Social Security number, name, or date of birth, is co-opted by another person to facilitate committing a criminal or fraudulent act by impersonating the victim. Identity theft, also sometimes referred to as identity fraud, does not usually occur as a stand-alone crime. Instead, identity theft is often committed as part of some other fraud or white-collar crime, including fraud on existing accounts &mdash; such as unauthorized use of a stolen credit card number &mdash; or fraudulent creation of new accounts &mdash; such as using stolen data to open a credit card account in someone else’s name. An identity thief could also take other actions on behalf of the victim, such as establishing residency/citizenship, securing employment, obtaining government benefits, and committing other crimes in the victim’s name. In addition, identity theft can play a facilitating role in potentially more violent crimes such as drug trafficking, people smuggling, and international terrorism.

Identity theft can happen in a variety of ways, but the basic elements are the same. Criminals first gather personal information, either through low-tech methods such	as stealing mail or workplace records, or “dumpster diving,” or through complex and high-tech frauds such as hacking and the use of malicious computer code. These data thieves then sell the information or use it themselves. While identity theft is not solely an Internet issue, a number of high profile data security breaches involving the personally identifiable information (PII) of citizens and consumers has drawn significant attention to the issue.

According to FTC, millions of Americans have their identities stolen each year. Roughly 85% of these cases involve the misuse of existing accounts and 35% involve new account creation or other fraud. (Twenty percent of the total involve both.)

Federal Legislation
Several laws restrict the disclosure of consumer information and require companies to ensure the security and integrity of the data in certain contexts:


 * Section 5 of the FTC Act
 * Fair Credit Reporting Act of 1970 (FCRA), and
 * Title V of the Gramm-Leach-Bliley Act.

Congress also has passed several laws specifically related to identity theft:


 * 1998 Identity Theft and Assumption Deterrence Act
 * 2003 Fair and Accurate Credit Transactions Act (FACT); and
 * 2004 Identity Theft Penalty Enhancement Act.