| HOME
> Business & Corporate Services |
By Donna Ray Chmura and Mark O. Costley
Identity theft occurs when someone uses your personal information without
your permission to commit fraud or other crimes. Until recently, victims of
identity theft had little legal recourse against the perpetrators and faced
bureaucratic nightmares in repairing their credit and reputations.
On Sept. 21, 2005, North Carolina passed the Identity Theft Protection Act
of 2005, (“ITPA” or “the Act”), one of the most stringent
and far-reaching identity theft laws in the nation. The act regulates the treatment
and storage of personal information, to help prevent third parties from using
the personal information of others for their own gain.
To prevent unauthorized disclosure of personal information, ITPA imposes three
relevant new burdens upon businesses. These rules apply to all forms of personal
information, from paper files to computer files.
First, businesses must notify consumers in the event of a security breach of
a consumer’s personal information unless the personal information has
been encrypted or redacted in a manner that renders the information unusable
or unreadable to third parties. Second, the Act generally prohibits businesses
from disclosing a consumer’s Social Security number (“SSN”).
This prohibition is relevant to all facets of a business—from employee
records to customer databases to the distribution of paychecks. Third, businesses
must develop and implement a policy to destroy records containing personal information
or contract with a third party in the business of destroying personal records.
The penalties for noncompliance with ITPA can be severe. Lawsuits brought by
the attorney general can result in statutory damages of up to $5,000 per violation—even
without any showing of injury to a consumer—if a business knowingly commits
a violation of ITPA. Private lawsuits brought by consumers may result in treble
damages and attorneys’ fees upon a showing of actual injury. The prospect
of class action lawsuits is real.
“Personal information” is defined as (1) a consumer’s first
name or first initial and last name and (2) one or more of the following:
- Social Security or employer identification number
- Driver’s license, passport, or state identification number
- Checking or savings account number
- Credit or debit card number
- Personal identification number (PIN)
- Digital signatures
- Biometric data
- Fingerprints
- Passwords
- Parent’s last name prior to marriage
- Electronic information numbers or e-mail names or addresses, Internet account
numbers, or Internet identification names
- Any other number or information that can be used to access a person’s
financial resources.
For more information on how this law affects your business, please contact
Bill Lambe or Donna Chmura at (919) 493-8411.
© 2005 Walker, Lambe, Rhudy & Costley, P.L.L.C.
|
SERVICES 
