LegiStorm

Summary:

In the current fiscal environment, policymakers are increasingly concerned with securing the economic health of the United States—including combating those crimes that threaten to undermine the nation's financial stability. Identity theft is one such crime. In 2012, about 12.6 million Americans were reportedly victims of identity fraud, and the average identity fraud victim incurred a mean of $365 in costs as a result of the fraud. Identity theft is often committed to facilitate other crimes such as credit card fraud, document fraud, or employment fraud, which in turn can affect not only the nation's economy but its security. Consequently, in securing the nation and its economic health, policymakers are also tasked with reducing identity theft and its impact. Identity theft has remained the dominant consumer fraud complaint to the Federal Trade Commission (FTC). Nevertheless, while the number of overall identity theft complaints generally increased between when the FTC began recording identity theft complaints in 2000 and 2008, the number of complaints decreased in both 2009 and 2010 before rising in 2011 and 2012. Identity theft case filings and convictions peaked in 2007 and 2008, and have generally declined since. Aggravated identity theft case filings and convictions, on the other hand, have largely continued to increase since aggravated identity theft was added as a federal offense in 2004. Congress continues to debate the federal government's role in (1) preventing identity theft and its related crimes, (2) mitigating the potential effects of identity theft after it occurs, and (3) providing the most effective tools to investigate and prosecute identity thieves. With respect to preventing identity theft, one issue concerning policymakers is the prevalence of personally identifiable information—and in particular, the prevalence of Social Security numbers (SSNs)—in both the private and public sectors. One policy option to reduce their prevalence may involve restricting the use of SSNs on government-issued documents such as Medicare identification cards. Another option could entail providing federal agencies with increased regulatory authority to curb the prevalence of SSN use in the private sector. In debating policies to mitigate the effects of identity theft, one option Congress may consider is whether to strengthen data breach notification requirements. Such requirements could affect the notification of relevant law enforcement authorities as well as any individuals whose personally identifiable information may be at risk from the breach. Congress may also be interested in assessing the true scope of data breaches, particularly involving government networks. There have already been several legislative and administrative actions aimed at curtailing identity theft. Congress enacted legislation naming identity theft as a federal crime in 1998 (P.L. 105-318) and later provided for enhanced penalties for aggravated identity theft (P.L. 108-275). In April 2007, the President's Identity Theft Task Force issued recommendations to combat identity theft, including specific legislative recommendations to close identity theft-related gaps in the federal criminal statutes. In a further attempt to curb identity theft, Congress directed the FTC to issue an Identity Theft Red Flags Rule, requiring that creditors and financial institutions with specified account types develop and institute written identity theft prevention programs.