The listing of laws on this page may not be complete.
 

Thomas Legislative Information on the Internet
http://thomas.loc.gov/

Identity Theft and Assumption Deterrence Act
In October 1998, Congress passed the Identity Theft and Assumption Deterrence Act of 1998 (Identity Theft Act) to address the problem of identity theft. Specifically, the Act amended 18 U.S.C. § 1028 to make it a federal crime when anyone:

knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.

Violations of the Act are investigated by federal investigative agencies such as the U.S. Secret Service, the FBI, and the U.S. Postal Inspection Service and prosecuted by the Department of Justice.

Section 5 of this Act, Pub. L. No. 105-318, 112 Stat. 3007, makes the FTC a central clearinghouse for identity theft complaints. The Act requires the FTC to log and acknowledge such complaints, provide victims with relevant information, and refer their complaints to appropriate entities (e.g., the major national consumer reporting agencies and other law enforcement agencies).

Fair Credit Reporting Act
http://www4.law.cornell.edu/uscode/15/1681.html
The Fair Credit Reporting Act establishes procedures for correcting mistakes on your credit record and requires that your record only be provided for legitimate business needs.

• Facts for Consumers: Fair Credit Reporting

Fair Credit Billing Act
http://www4.law.cornell.edu/uscode/15/ch41schIpD.html
The Fair Credit Billing Act establishes procedures for resolving billing errors on your credit card accounts. It also limits a consumer's liability for fraudulent credit card charges.

• Fact for Consumers: Fair Credit Billing

Fair Debt Collection Practices Act
http://www4.law.cornell.edu/uscode/15/1692.html
The Fair Debt Collection Practices Act prohibits debt collectors from using unfair or deceptive practices to collect overdue bills that your creditor has forwarded for collection.

• Facts for Consumers: Fair Debt Collection

Electronic Fund Transfer Act
http://www4.law.cornell.edu/uscode/15/1693.html
The Electronic Fund Transfer Act provides consumer protection for all transactions using a debit card or electronic means to debit or credit an account. It also limits a consumer's liability for unauthorized electronic fund transfers.

• Facts for Consumers: Electronic Banking

Driver’s Privacy Protection Act of 1994
http://www4.law.cornell.edu/uscode/18/2721.html
This law puts limits on disclosures of personal information in records maintained by departments of motor vehicles.

Family Educational Rights and Privacy Act of 1974
http://www4.law.cornell.edu/uscode/20/1232g.html
This law puts limits on disclosure of educational records maintained by agencies and institutions that receive federal funding.

Gramm-Leach-Bliley Act (to be codified in relevant part at 15 U.S.C. §§ 6801-6809)

Title V, subtitle A, of this Act, Pub. L. No. 106-102,
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ102.106
 §§ 501-510, 113 Stat. 1338, 1436-45 (Nov. 12, 1999) requires the FTC, along with the Federal banking agencies, the National Credit Union Administration, the Treasury Department, and the Securities and Exchange Commission, to issue regulations (to be codified at 16 CFR Part 313) ensuring that financial institutions protect the privacy of consumers' personal financial information. Such institutions must develop and give notice of their privacy policies to their own customers at least annually, and before disclosing any consumer's personal financial information to a nonaffiliated third party, must give notice and an opportunity for that consumer to "opt out" from such disclosure.

Health Information Portability and Accountability Act of 1996, Standards for Privacy of Individually Identifiable Health Information, Final Rule - 45 CFR parts 160 and 164
http://aspe.hhs.gov/admnsimp/bannerps.htm#privacy
The privacy rule regulates the security and confidentiality of patient information. It took effect on April 14, 2001, with most covered entities (health plans, health care clearinghouse and health care providers who conduct certain financial and administrative transactions electronically) having until April 2003 to comply.

California Office of Privacy Protection – See for a variety of laws for businesses and consumers including requirements for law enforcement to take police reports and requirements for credit reporting agencies to place security alerts and freezes, and to block inaccurate information resulting from an identity theft upon receipt of a police report.
http://www.privacyprotection.ca.gov/

National Conference of State Legislatures
http://www.ncsl.org/programs/lis/privacy/idt-01legis.htm

California
See California Office of Privacy Protection
http://www.privacyprotection.ca.gov/

Alabama

Alabama Code Sect. 13A-8-190 through 201

13A-8-190  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-190.htm
13A-8-191  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-191.htm
13A-8-192  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-192.htm
13A-8-193  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-193.htm
13A-8-194  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-194.htm
13A-8-195  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-195.htm
13A-8-196  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-196.htm
13A-8-197  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-197.htm
13A-8-198  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-198.htm
13A-8-199  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-199.htm
13A-8-200  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-200.htm
13A-8-201  http://alisdb.legislature.state.al.us/acas/CodeOfAlabama/1975/13A-8-201.htm

Section 11 requires the credit reporting agencies (CRAs) to block false information from consumer victims' credit reports within 30 days of a consumer submitting a court order for the identity thief’s conviction to the CRA.

California
See California Office of Privacy Protection
http://www.privacyprotection.ca.gov/

Colorado

Colorado Revised Statutes 12-14.3-106.5 through 108 and CRS 16-18.5-103
12-14.3-106.5 http://198.187.128.12/colorado/lpext.dll/Infobase/16179/161db/17481/1752a?fn=document-
12-14.3-107 http://198.187.128.12/colorado/lpext.dll/Infobase/16179/161db/17481/1753e?fn=document-
12-14.3-108 http://198.187.128.12/colorado/lpext.dll/Infobase/16179/161db/17481/17545?fn=document-
16-18.5-103 http://198.187.128.12/colorado/lpext.dll/Infobase/22ff2/25010/2504c/25068?fn=document

Requires credit reporting agencies to block inaccurate information resulting from an identity theft upon receipt of a police report.

Idaho

Idaho Code Section 28-51-102
http://www3.state.id.us/cgi-bin/newidst?sctid=280510102.K
Requires credit reporting agencies to block inaccurate information resulting from an identity theft upon receipt of a police report.

Washington

Rev. Code Wash. Section 19.182.160
http://www.leg.wa.gov/RCW/index.cfm?fuseaction=section&section=19.182.160
Requires credit reporting agencies to block inaccurate information resulting from an identity theft upon receipt of a police report.

Rhode Island

R.I. Gen. Laws Section 6-13-17
http://www.rilin.state.ri.us/Statutes/TITLE6/6-13/6-13-17.HTM
This law states that unless required by federal law, no person shall require that a consumer of goods or services disclose a social security number incident to the sale of consumer goods or services; provided, however that: insurance companies, health care, or pharmaceutical companies may require the consumer to furnish a social security number. Also, a consumer may be required to furnish his or her SSN when applying for a credit card.