According to the Federal Bureau of Investigation’s (FBI) Financial Crimes Report, the crime of criminal identity fraud is the involvement of the “…misuse of another individual’s personal identifying information for fraudulent purposes”.
The severity of criminal identity fraud ranges. The Rhode Island Identity Theft Protection Act is focused on serious acts of identity theft. Such acts include obtaining another individual’s personal information with the intent to compromise his or her assets. All are illegal, whether it is locally, stately, or federally.
A 2006 survey conducted by the Federal Trade Commission (FTC) stated that 255,565 Americans were victims of some type of identity fraud or theft in 2005. This figure accounts for 37% of all criminal fraud crimes reported – a staggering number of victims for the year 2005. Here we are 10+ years later, and the situation has not improved.
The Rhode Island Identity Theft Protection Act
The State of Rhode Island and the Providence Plantations recently amended the Rhode Island Identity Theft Protection Act. The changes became effective on June 26, 2016. Data security measures and breach notification laws have now changed. View the document here.
Here are a few of the highlights:
- Rhode Island Attorney General and major credit reporting agencies must be notified of any breaches affecting 500+ residents
- Businesses must destroy secure information of clients. Secure information can only be kept for the duration of the services provided.
- Protecting personal information of Rhode Island residents is a requirement that requires maintained policies and procedures.
- “Personal information” now includes all of the following: social security number; driver’s license number or state/tribal identification number; bank account numbers; credit or debit card numbers; medical or health insurance information; email addresses provided with passwords that allow access to personal information
- Data must now be encrypted in, “a form in which there is a low probability of assigning meaning without use of a confidential process or key.”
Title 18: Part I – Chapter 47, Section 1028b of the United States Sentencing Commission’s Identity Theft Report, states that the sentencing guidelines for one count of the crime of identity fraud are a fine which depends on the severity of the crime and/or imprisonment for a maximum of one, three, or five years depending on the particular circumstances of the offense.
The punishments were made more severe in 1998 with the implementation of the Identity Theft and Assumption Deterrence Act. This legislation made the crime of identity theft punishable by a maximum $250,000 fine and/or a maximum of 15 years in federal prison, per count.
The expansion of the Rhode Island Identity Theft Protection Act is important for all Rhode Island businesses. Are you compliant with the new regulations? If not, then your business could face some serious penalties. Consult a reputable and local IT security company to go over your policies and practices. A simple audit could help save your business thousands of dollars of penalties.