WA Business Magazine


Legal Matters: Confronting Identity Theft is at the Forefront of New Laws
Written On: September/October 2005
Written By: Kris Tefft - AWB General Counsel
Discovering and combating unauthorized access and use of one's personal information — "identity theft" — is one of the hot business law issues of the year. After several high-profile national organizations disclosed breaches of consumer databases, concerns have grown about the safety and security of personally identifying information in commercial transactions. Congress, federal agencies and many states, including Washington, have begun a legislative response to the phenomenon — and many of these proposals directly affect business.

The Federal Trade Commission defines identity theft as "someone appropriating your personal information without your knowledge to commit fraud or theft." Typically, an identity thief steals someone’s Social Security number or other personal identification, and uses it to obtain a credit card in that person’s name or to commit some other crime.

This problem is a particularly serious matter in Washington, where last year, according to the FTC, 5,654 identity-theft complaints were lodged, making Washington the eighth-highest state overall in the nation in identity theft.

What creates a big target for identity thieves is a large database of personally identifying consumer information — names, credit card numbers, Social Security numbers — that a company has online to assist in consumer transactions. Just this year, ChoicePoint, LexisNexis and Mastercard all reported significant breaches of personal information within their databases of consumer information.

Washington passed one of the more aggressive identity theft laws in the country in 2001. That law made any identity theft loss of over $1,500 a Class-B felony to deter would-be thieves and equip prosecutors to seek tough sentences for identity theft. The law also requires businesses to provide victims with information about fraudulent transactions made in their names and provides that businesses refusing to provide information may be required to pay damages and a $1,000 penalty for willful violations.

In the last legislative session, the Legislature beefed up its response to identity theft by enacting several new laws affecting business and consumer transactions:

Senate Bill 6043: After taking effect in late July, this new law requires any Washington business that owns or licenses consumer data to notify all consumers in the event its database suffers a security breach. The failure to issue timely notification can result in civil liability and regulatory penalties.

Senate Bill 5418: This law allows identity theft victims to place a security freeze on their credit report. Once frozen, credit bureaus are prohibited from releasing information without permission. The freeze blocks new lines of credit from being opened in the victim's name. In order to place a security freeze, however, the victim must first file a police report, then send a request by certified mail to a credit bureau.

House Bill 1888: This law amends the state’s spam statute to specifically prohibit "phishing" scams, in which identity thieves try to trick consumers out of personal information by sending e-mails that appear to come from a business, such as a bank or online auction site. The law makes it illegal for a person to misrepresent his or her identity in order to solicit personal information online. Businesses affected by such fraud can bring a civil action in Superior Court to seek up to $5,000 or actual damages. An individual may recover up to $500 or actual damages, whichever is greater. Courts may increase the damages up to three times for repeat offenders.

These new laws place Washington at the forefront of the nationwide response to identity theft. Because of the rights and responsibilities several of the laws place on Washington businesses, firms should take another look at security policies and infrastructure protecting corporate data. Monitoring security is essential if the firm maintains databases of consumer information.

Failing to take simple steps in database security today can lead to lawsuits and penalties down the road — not to mention heartache and headaches for consumers doing business with you.