Identity theft has plagued thousands of Americans over the years. If such an issue is not taken seriously, it can lead to dire financial situations and ruin one’s reputation as well. However, if you are falsely accused of identity theft, you should seek a professional attorney who can help you with your case. Phoenix Criminal Attorney matches the requirements and expectations needed for such cases.
Arizona Identity Theft Laws
There are a couple of laws that are related to identity theft in Arizona. This article will focus on the following codes in detail:
- ARS 13-2008
- ARS 44-7701
- ARS 44-7501
- ARS 13-4440
- ARS 44-1698
ARS 13-2008 – Taking the Identity of Another Person
Under this law, four aspects are explained or considered. These aspects are described in the following subsections:
ARS 13 -2008 (A) – Explanation of Identity Theft
Identity theft is considered as the act of taking another person’s identity. It also considers a knowingly act of possessing, using, manufacturing, or recording the identification information of another person or entity, without consent of the person or entity. Identity theft is also explained as the act of obtaining another person’s or entity to cause a loss. This applies regardless of the entity or person incurring loss or not as a result of the offense. It can also include the intention of obtaining or continuing with employment under the pretense of another person’s identity.
ARS 13 -2008 (B) – Peace Officer’s Involvement in Identity Theft
A peace officer should take a report of the identity theft located within the location of his or her jurisdiction. Also, the peace officer should provide a copy of the report to another law enforcement agency operating within the area of the offense.
ARS 13 -2008 (C) – Exception in Identity Theft
Under this subsection, ARS 13-2008 does not consider anyone below the age of twenty-one years as provided under ARS 4-241.
ARS 13 -2008 (D) – Penalties for Identity Theft
Taking another person’s identity is a class 4 felony.
ARS 44-7701 – Retaining Customer’s Information
Under this law, several aspects are explained. These elements are explained under each of the following subsection:
ARS 44-7701 (A) - Retailer’s Usage of Information
Under this subsection, a retailer can use customer information provided in the driver’s license or any other state-issued identification for:
- Verifying the age of the customer
- establishing the identity of the customer
- ascertaining whether the customer has the proper license needed to operate a motor vehicle or any other means of transport on a public road
The retailer can also use the information to disclose information to the following:
- The department of transportation
- Notable public personnel pursuant of ARS 41-319
- A licensed person according to title 20
- A business to evaluate the creditworthiness, check the account’s collective activity and detecting any fraud
- A financial institution that has federal permission
ARS 44-7701 (B) - Exception in Usage of Customer’s Information
Apart from the entity or people provided above, the retailer should not disclose the customer’s information to a third party for any given purpose. However, one can reveal the information to a law enforcement agency if it is intended to be used in a law enforcement investigation.
ARS 44-7701( C) - Permission
The section allows the disclosure of another person’s information during an administrative or a court proceeding.
ARS 44-7701 (D) - Enforcement
This section can be enforced by the county attorney within the county that the jurisdiction occurred and the attorney general. Once the victim has filed an identity theft violation with the law enforcement department, one has the liberty to send a copy of the notice to the county attorney. The county attorney can help in recovering the cost and attorney fees. Also, the attorney general is at liberty of enforcing the penalties described in this section.
On the other hand, the attorney general has the liberty of acting per ARS 44-1522 following an identity theft offense.
ARS 44-7701 (E) - Civil Penalty
Violation of any of the restrictions imposed on subsection A can lead to a civil penalty. The civil penalty should not exceed:
- $ 500 for a first-time violation
- $ 1,000 for a second-time violation
- $ 5,000 for a third-time violation
ARS 44-7501 – Notifying a Security Breach
Several requirements follow after the breach of information. These requirements are provided under the subsections provided below.
ARS 44-7501 (A) – What to Do After a Data Security Breach
Under this subsection, anyone conducting a business in Arizona and learns about an incident of access or acquisition of personal information should conduct a prompt investigation on the same. If the person learns that there has been a security breach, he or she is obliged to inform the affected individuals.
The notice must be made expediently and without delay to the requirements of a relevant law enforcement agency. The agency has the responsibility of assessing the nature of the breach, identifying the identity of the affected individuals, and restoring the integrity of the data system.
ARS 44-7501( B) – Learning about a Security Breach as a Second Party
Under this subsection, anyone who learns about a breach of the data system should notify and promptly cooperate with the information’s licensee or owner. Cooperation should include sharing any relevant information that is related to the breach of the system with the licensee or owner.
On the other hand, the license owner should provide a notice to the pursuant of this section. However, any third-party responsible for maintaining data under an agreement with the licensee or owner should not notify the pursuant unless instructed otherwise.
ARS 44-7501 ( C) - Delay of Notification
Under this subsection, the notification that is required to be made under subsection A can be delayed if a law enforcement agency learns that the notification might affect a criminal investigation on the breach. Therefore, the person should make a notification if the law enforcement agency confirms that the notification will not compromise the investigation in any way.
ARS 44-7501 ( D) – Methods of Disclosure of Notification to Affected Individuals
Under this subsection, there are specific methods that can be used to notify affected individuals about a breach of their data. These options are as follows:
- Written notice
- Electronic notice, if the primary method used by the individuals and the owner or licensee of the information was automated. The provided automatic approach should be consistent with the regulations contained in the United States Code section 7001, 114 Stat.464, and P.L 106-229
- Telephone notice
- A substitute notification method if the primary method used by the owner or licensee of information might exceed a cost of $ 50,00 or the affected individuals exceed 1000 people, or there is insufficient information about the affected person. The licensee or holder of information can utilize alternative methods such as their website, nationwide media, and electronic mail.
ARS 44-7501 (E) – Maintaining Notification Procedures as Part of Data Security Strategy
Under this subsection, anyone who maintains the notification procedure of security breach as a security policy and is consistent with this decision is considered to be compliant with the notification. Also, the person in charge of maintaining the information should notify the subject individuals according to the licensee or holder’s policies related to a breach of data.
ARS 44-7501 (F) – Compliance to the Notification requirement
Under this subsection, anyone can comply with the conditions provided for the notification or undertakes relevant security breach measures as established by an appropriate regulatory authority or the licensee.
ARS 44-7501 (G) – Refraining from Disclosure
Under this subsection, one is not required to reveal a security breach of a system if the law enforcement or person in charge of the system realizes that the violation did not occur and has no possibility of happening. This should be reached upon after a thorough investigation of the allegation.
ARS 44-7501 (H) – Involvement of the Attorney General
For this subsection, the attorney general can enforce this section. In this case, the attorney has the liberty of bringing into an action that will determine actual damage to a willful and knowing violation of this section. The attorney general can also oversee a case that does not exceed $10,000 as a civil penalty and a series of breaches that were revealed through a single investigation.
ARS 44-7501 (I) – State Legislature Role in this Section
The state legislature has the mandate of determining whether notifying individuals through the state media is a concern. Therefore, the obligation to regulate notification of security breach is preempted from county laws, ordinances, chargers, and other rules that are under a regulation under this chapter.
ARS 44-7501 ( J) – Exemptions of the Section
Under this subsection, some people are not subjective to this section and includes:
- Anyone that is subjected to Graham – Leach- Billey’s title V
- Entities that are defined under regulations that implement the accountability and portability of health insurance under the Federal Regulations section 160.103 (1996).
ARS 44-7501 (K) – Information Security Policies
Under this subsection, any authority that deals with other people’s information such as the prosecution agency, municipal police department, and the county sheriff’s department should have relevant information security policies. This includes procedures that they should use in the notification of a breach of a security system.
ARS 13-4440 – Petitioning for Factual Innocence
Three subsections support this section of Arizona laws. These subsections are as follow:
ARS 13-4440 (A) – Victims’ Right
This subsection provides the right that a victim has over any proceedings related to factual innocence that is according to section 12-771. Under this subsection, the victim has the right to be present and heard in such proceeding.
ARS 13-4440 (B) – Details in the Written Notice
If a prosecuting agency is expected to provide a written notice, it should consider the following:
- The date, time and location of the trial
- The right of the victim to be heard and present in the trial
ARS 13-4440 (C) – Factual Innocence Under Section 12-7771
If the court decides to proceed with a factual innocence under section 12-771, the prosecuting agency should deliver a copy of the court order within fifteen days once the order has been entered.
ARS- 44-1698 – Security Freeze
In a security freeze, a consumer can prevent the access of his or her information by creditors or any other interested party. It also prevents you or another person from opening an account using your information. Several subsections provide details about this section. These subsections are as follows:
ARS- 44-1698 (A) – Consumer Authorization of Credit Freeze
Under this subsection, consumers can authorize a security freeze of his or her credit report in writing or any form acceptable to relevant agencies. If the security freeze has been made in effect, the consumer credit report or credit score cannot be released to a third party without prior authorization by the user. This subsection does not prohibit a consumer report agency from authorizing the security freeze on its behalf.
ARS- 44-1698 (B) - Security Freeze Timeline
Under this subsection, the security reporting agency is required to place a security freeze on the credit report of its consumer within ten business days after getting the request from the agency.
ARS- 44-1698 (D) – Response towards a Consumer’s Security Freeze Request
For this subsection, the consumer reporting bureau is expected to respond towards a consumer’s request towards a security freeze within ten business days. The response should include a unique identification password or number that the consumer can use to sanction a report of his or her consumer report or remove the security freeze. The ID number or password should be anything else apart from the social security number of the consumer.
ARS- 44-1698 (E) – Requirements for a Security Freeze Removal
Once a consumer has requested the removal of a security freeze, he or she must provide the following:
- Proper identification information
- The password or unique identification number provided by the user reporting bureau
ARS- 44-1698 (F) – Request for a Temporary Lift on the Freeze
Similar to the provisions under subsection E, once a customer requests a temporary lift on the security freeze, he or she must give the following information:
- Correct identification
- The unique ID number or password provided by the user reporting bureau
ARS- 44-1698 (G) – Consumer Report Agency’s Removal of a Security Freeze
Under this subsection, the consumer report agency is expected to do away with a security freeze temporarily within:
- Three business days following the consumer’s request for removal or temporary lift of the security freeze
- Fifteen minutes after receiving the request through the internet, telephone call, or any other electronic method that is acceptable to the agency and is requested within regular business hours.
There are specific instances that can delay the agency from the lift within fifteen minutes. These aspects are as follows:
- An act of God such as storms, earthquake, fire or any disaster or phenomena
- An illegal act by a third party such as riot, vandalism, labor strike, terrorism or disputes
- Interruption of the operation. This includes an unanticipated delay of the required equipment, electrical failure, and hardware or software failure
- Government actions that might disrupt any operation. This includes emergency orders or a law enforcement action
- Routine scheduled maintenance of the agency’s consumer reporting system during business hours
- Reasonable maintenance that results from an unexpected event that affects the agency
- Recipient of the request within non-business hours
ARS- 44-1698 (H) – Conditions for Temporary Lift on a Security Freeze
In this subsection, the consumer reporting bureau is expected to remove or temporarily lift a security freeze on the consumer’s credit report under the following cases:
- If the consumers request per subsection E or F
- If the freeze was considered as a result of material misinterpretation of facts. In that case, the consumer reporting bureau should notify the user about the removal through the internet, telephone, or mail
ARS- 44-1698 (I) – Disclosure of the Temporary Lift or Removal of Security Freeze
Under this subsection, the consumer reporting bureau should disclose relevant information related to the removal or temporary lift of the security freeze within a specific time. The data is expected to allow access to the consumer’s credit report while the freeze is still in place.
ARS- 44-1698 (J) – Third-Party Involvement In a Security Freeze
For this subsection, a third party should consider an application such as a credit as incomplete if there is no access to the consumer’s credit report within a specific period.
ARS- 44-1698 (K) – Charges Related to Security Freeze
Under this subsection, a consumer reporting bureau can apply five dollars charge on security, its removal, or a temporary lift. However, it should not charge any fee to an identity theft victim and has a valid police report supporting the same.
ARS- 44-1698 ( L) – Change of Information on a Security Freeze
If there is a security freeze in place, the consumer reporting bureau is not required to make any changes to the consumer’s social number or address without sending a written confirmation about the change within a month after posting about the change on the consumer’s file.
The written confirmation does not apply during the modification of official information such as street abbreviations, names, transposition of letters and numbers, and complete spelling. Such information is required to be sent in written confirmation to the consumer’s recent and past addresses.
Find a Phoenix Criminal Lawyer Near Me
Arizona identity theft laws are complex. It requires the intervention of a professional criminal defense attorney to handle the legal procedure that follows after an identity theft allegation. You should be careful with the attorney that you pick since not every attorney at your disposal is reliable enough. Phoenix Criminal Attorney has achieved the credibility and experience needed to handle any identity theft cases. If you are in Phoenix, AZ, contact us at 602-551-8092 and let us handle your case.