In response to the rise in identity theft, the Washington legislature passed several bills that address security breaches, access to credit reports, and Internet scams such as "phishing" which take affect this week.
"Washington is at the forefront of dealing with privacy concerns and identity theft," he continued. "Last session, the state Legislature passed several important laws that make it harder for identity thieves to operate in our state and easier for consumers to protect their personal information.
"These laws are a good foundation for addressing complex issues, but no one agency or business can prevent all fraud. The Attorney General's Office is committed to helping stop identity theft before it happens by educating consumers. We are also a resource for local prosecutors who bring these criminals to justice.
"During the coming year, I will dedicate my office's support and financial resources to bring together partners from the public and private sectors to develop specific recommendations and strategies to fight and prevent identity theft," McKenna said.
The bills that go into effect this week are SBs 6043, 5418, 5939 and HBs 1012, 1888, 1185. The first of these, Senate Bill 6043 deals with security breaches and requires agencies and businesses that own and license digital data to provide prompt notification in the event of a security breach in which personal information is compromised.
The law is the legislature's answer to the ChoicePoint security breach, in which thieves posing as legitimate businesses were able to get access to personal information on nearly 145,000 consumers, more than 3,000 of them from Washington. At the time the theft was detected, California was the only state that required companies to notify consumers of such incidents.
McKenna said the Attorney General's Office will is working with businesses and other government agencies in order to better clarify what sort of security infringements need to be reported under this law.
The next bill, Senate Bill 5418, allows identity theft victims to place a security freeze on a credit report, thereby prohibiting credit bureaus from releasing information without permission. The victim must first file a police report then send a request by certified mail to a credit bureau. Identity thieves often will try to open new credit accounts in a victim's name, and merely placing an "alert" on one's account does not block new credit cards from being issued as a freeze would.
House Bill 1012 cracks down on spyware, software that surreptitiously monitors a computer user's actions. The law makes it illegal for anyone to transmit software to another computer without the owner's knowledge or to falsely entice someone to download software. It prohibits an unauthorized person from installing software that would take control of a consumer's computer, modify its security settings, collect the user's personal identification information, interfere with its own removal, or otherwise deceive the authorized user.
Violators can be fined actual damages or up to $100,000, whichever is greater. The court may increase those damages by threefold for repeat offenders, up to a maximum of $2 million.
McKenna said Washington is one of the first states in the country to pass legislation to help stop this widespread consumer problem.
The next law prohibits phishing. House Bill 1888 amends the state's spam statute to specifically prohibit "phishing" scams, in which identity thieves try to trick consumers out of personal information by sending e-mails that appear to come from a business, such as a bank or online auction site. The law makes it illegal for a person to misrepresent his or her identity in order to solicit personal information online.
Businesses affected by such fraud can bring a civil action in Superior Court to seek up to $5,000 or actual damages. An individual may recover up to $500 or actual damages, whichever is greater. Courts may increase the damages up to three times for repeat offenders.
Again, Washington was one of the first states in the country to enact a law like this, McKenna said.
House Bill 1185 prohibit the disclosure of personal wireless telephone numbers. The bill requires a wireless telephone company to obtain a subscriber's express, opt-in consent in writing or electronically before publishing a wireless phone number in a directory. Subscribers can't be charged for opting not to be listed.
Phone companies can be fined up to $50,000 for each violation. In addition, an individual may bring a civil action to seek up to $500 damages.
McKenna said the law is intended to protect consumers' privacy and reduce the chance that they will be charged for calls made by telemarketers. However, the law does not prohibit telemarketers from making unsolicited calls to wireless phones.
Consumers can prevent calls from telemarketers by listing their home and wireless phone numbers in the Federal Trade Commission's Do Not Call Registry.
Senate Bill 5939 amends Washington's identity theft statute to require police and sheriff's departments to take reports from identity theft victims. The law does not require a law enforcement agency to investigate each report. Identity theft victims are required to file police reports in order to seek certain protections such as a credit freeze.
