Download Zipped Introduced WordPerfect HB0387.ZIP
[Status][Bill Documents][Fiscal Note][Bills Directory]
H.B. 387
1
2
3
4
5
6
7 LONG TITLE
8 General Description:
9 This bill modifies a provision creating the Identity Theft Reporting Information System.
10 Highlighted Provisions:
11 This bill:
12 . modifies the purposes for an Internet website within the Office of the Attorney
13 General to include providing information about and links to resources to protect
14 Social Security numbers.
15 Monies Appropriated in this Bill:
16 None
17 Other Special Clauses:
18 None
19 Utah Code Sections Affected:
20 AMENDS:
21 67-5-22, as last amended by Laws of Utah 2008, Chapter 161
22
23 Be it enacted by the Legislature of the state of Utah:
24 Section 1. Section 67-5-22 is amended to read:
25 67-5-22. Identity theft reporting information system -- Internet website and
26 database -- Access -- Maintenance and rulemaking -- Criminal provisions.
27 (1) There is created within the Office of the Attorney General the Identity Theft
28 Reporting Information System (IRIS) Program to establish a database and Internet website to:
29 (a) allow persons in the state to submit reports of identity theft;
30 (b) assist the Office of the Attorney General in notifying state and local law
31 enforcement agencies of reports of identity theft;
32 (c) provide assistance and resources to victims of identity theft;
33 (d) provide a centralized location where information related to incidents of identity
34 theft may be securely stored and accessed for the benefit of victims of identity theft; [
35 (e) provide public education and information relating to identity theft[
36 (f) provide information about and links to resources that assist an individual, including
37 a minor through a parent or legal guardian, to protect the individual's Social Security number
38 against an unauthorized use or disclosure.
39 (2) (a) The Internet website shall be maintained by the Office of the Attorney General
40 and shall be made available to the public and to victims of identity-related crimes.
41 (b) The Internet website shall:
42 (i) allow a victim of an identity-related crime to report the crime on the website and
43 have the victim's report routed to the appropriate law enforcement agency for the jurisdiction in
44 which the crime occurred; and
45 (ii) provide public education and information relating to identity theft.
46 (c) The Internet website may be expanded to provide other identity-related services to
47 victims according to the procedures of Subsection (4).
48 (3) (a) The Department of Technology Services shall administer and maintain the
49 database established under this section in an electronic file or other format as established by the
50 department.
51 (b) (i) The database shall be maintained for the purpose of identifying victims of
52 identity theft who have filed a report with the program established under this section, and may
53 contain the personally identifiable information for each victim, which may include the
54 following information related to an incident of identify theft:
55 (A) the victim's name, address, email addresses, and telephone numbers;
56 (B) the victim's Social Security number and other identifying information;
57 (C) the victim's financial institution information, account numbers, and transaction
58 information;
59 (D) the victim's benefit information;
60 (E) the victim's credit account information;
61 (F) the victim's loan information;
62 (G) the victim's employment information;
63 (H) the victim's Internal Revenue Service or tax information;
64 (I) the victim's utility service information;
65 (J) information concerning legal matters or collections related to the incident;
66 (K) information concerning unauthorized or illegal transactions, denied credit, stolen
67 identification, and all other unauthorized actions related to the identity theft; and
68 (L) any other information related to the incident of identity theft that the victim or the
69 Office of the Attorney General elects to include in the database.
70 (ii) The database shall record and maintain:
71 (A) identification information for each person who requests or receives information
72 from the database;
73 (B) a record of the information that is requested or received by each person who
74 requests or receives information from the database; and
75 (C) a record of the date and time that any information is requested or provided from the
76 database.
77 (c) Information in the database is considered to be the property of the Office of the
78 Attorney General, and retains any classification given it under Title 63G, Chapter 2,
79 Government Records Access and Management Act.
80 (4) The Department of Technology Services, with the approval of the Office of the
81 Attorney General, may make rules to:
82 (a) permit the following persons to have access to the database:
83 (i) federal, state, and local law enforcement authorities, provided that the authority is
84 acting within a specified duty of the authority's employment in enforcing laws;
85 (ii) participating merchants and financial institutions, provided that the merchant or
86 institution has entered into an access agreement with the Office of the Attorney General; and
87 (iii) other persons, to be established by rule, provided that the person's access to the
88 information is necessary and reasonable to accomplish the purposes of the program as provided
89 in Subsection (1);
90 (b) define and enforce limitations on access to information via the Internet website or
91 in the database; and
92 (c) establish standards and procedures to ensure accurate identification of individuals
93 that are requesting or receiving information from the Internet website or the database.
94 (5) (a) In addition to the penalties provided under Title 63G, Chapter 2, Government
95 Records Access and Management Act, a person may not knowingly and intentionally release or
96 disclose information from the database in violation of the limitations provided under
97 Subsection (4)(a).
98 (b) A violation of Subsection (5)(a) is a third degree felony.
99 (6) (a) A person may not obtain or attempt to obtain information from the database by
100 misrepresentation or fraud.
101 (b) A violation of Subsection (6)(a) is a third degree felony.
102 (7) (a) A person may not knowingly and intentionally use, release, publish, or
103 otherwise make available to any other person or entity any information obtained from the
104 database for any purpose other than those specified under Subsection (4)(a).
105 (b) Each separate violation of Subsection (7)(a) is a third degree felony.
Legislative Review Note
as of 3-9-10 3:26 PM