Legal News

ql Identity Protection

Identity Protection: What Makes it So Important in the US?

It is possible for criminals to observe victims from a close distance when they enter information about their credit cards or bank accounts to commit crimes. A computer message may be intercepted by a criminal for the purposes of obtaining personal information about the sender or to obtain information about the recipient by sending spam (e.g., unwanted emails). The way criminals circumvent security measures, such as firewalls, network routers, or smart devices, has to be understood by IT experts in order to ensure that security is effectively strengthened on these devices. Having a good understanding of the laws and regulations that apply to IT professionals will also help them to avoid government enforcement actions. It is possible for the US Federal Trade Commission (FTC) to take legal action against a company if the company fails to keep its promise of protecting a consumer's personal information.

As the crime of identity theft has grown in severity over the last few years, legislators have worked hard to protect the personal information of consumers from identity thieves. As part of the Personal Information Protection Act (PIPA), consumers must be informed if their personal identifying information is compromised and that their information is reasonably safeguarded. According to PIPA, data breaches are required to be notified to consumers, and reasonable steps that can be taken to prevent the theft of personal information that can be used to identify a particular individual are required to prevent such thefts or alterations.


The Statute's components

The Personal Information Protection Act defines "personal information" as follows:

Combining the first and last name of an individual with:

  • Numbers issued by the federal government such as Social Security numbers, Individual Taxpayer Identification numbers, passport numbers, etc.
  • An identification card number or a driver's license number
  • In conjunction with any necessary security code, access code, or password, an individual's account number, a credit card number, or a debit card number grants access to their financial accounts
  • The mental health of an individual, including health information
  • An individual's health information can be accessed through either the health insurance policy number and subscriber identification number combined with a unique identifier provided by an insurer or self-insured employer; or
  • By automatically measuring a person's biological characteristics like fingerprints, voice prints, genetic prints, retinal or iris images, or other unique biological characteristics, biometric information can be collected that can be used to authenticate an individual's identity whenever he or she accesses a system or account.


  • An individual's email account can be accessed via their username, email address, password, or security question and answer.


ql Statute components


Security Breach

An unauthorized third party is able to obtain computerized data from a computer system that compromises the security, confidentiality, or integrity of personal information through what is known as a security breach. As a result, any consumer who is affected by such a security breach and who is in possession of personal information that could be misused could be at risk if the information is compromised by the business. Upon detecting a security breach, an organization must immediately investigate the incident in order to determine if there has been any misuse of the compromised information, such as identity theft, as a result of the breach. When there is a reasonable chance that a business's consumer data will be misused, the business must notify the affected consumers as soon as possible.

In the event of a security breach, consumers must be notified within 45 days of the breach taking place. The reason a law enforcement agency may ask for a business delay notification is that it wants to determine how extensive the breach is, identify every affected individual, or restore the integrity of the system after a breach has occurred. The consumer must be notified in writing and be contacted by telephone at the address and number listed on the most recent notice. Depending on whether a business operates primarily over the Internet or if it has previously consented to receiving notifications via email, they may choose to send notifications using the email system when they conduct most of their business online. The business may provide substitute notification of a security breach to consumers by sending an email, posting a notice on the website, and distributing information to a statewide media outlet if the cost of notice exceeds $100,000 or the number of consumers to be notified exceeds 175,000 individuals.


ql security breach


Is identity theft illegal under federal law?

Throughout the U.S. Identity theft has been on the rise in the past few years, which has outraged consumers, stressed them about their finances, and made businesses doubt whether they can handle this problem effectively. In order to combat identity theft, the federal government and state governments have enacted laws that require businesses to protect their customers' data more stringently due to the growing concern over identity theft.

Under the Fair Credit Reporting Act, if there is an error in your credit record, you can correct it, and your information can be used only for legitimate business purposes, as stipulated by the law. It is important to note that the Fair and Accurate Credit Transactions Act also amends the Fair Credit Reporting Act in order to provide consumers with new ways to protect themselves against identity theft. Amendments include:

  • Standards for consumer protection at the national level
  • Prevention of identity theft
  • Resolving consumer disputes more effectively
  • Making consumer records more accurate
  • The use and accessibility of credit information by consumers have improved
  • Investigating employee misconduct in a safe manner

There are certain things that must be done in order to resolve an error in a credit card bill or statement that is in compliance with the Fair Credit Billing Act. Additionally, it also limits the use of credit cards in order to prevent unauthorized or fraudulent charges from being made.

You must keep in mind that debt collectors are limited to the use of unfair or deceptive practices as a way to collect overdue bills that your creditor has forwarded to them for collection.

Due to the fact that the Identity Theft and Assumption Deterrence Act was passed, knowingly transferring or using, without the consent of the individual concerned, a person's identification must be considered a federal crime (no., Social Security Number, credit card, cell phone, electronic serial number, etc). The use of this type of weapon could enable the commission of an offense which violates federal law, or would constitute a felony under a local or state law.

Under the Identity Theft Penalty Enhancement Act, aggravated identity theft is punishable by up to five years in prison. Ultimately, the government at both the federal and state levels is striving to achieve a higher standard of identity protection in order to restore the confidence of consumers in businesses in the process.



ql Statute components



Although privacy violations are inevitable, it is imperative to prepare yourself to deal with them in the event that they occur. Experts in the field of information technology need to take into account a risk mitigation strategy. In an organization, regular training can turn out to be the proverbial weak link that allows the organization to perform efficiently. The most effective method of assessing an employee's skills when it comes to assessing their skills is by sending fake email attachments to them and watching to see if they open them. Firewalls and encryption technologies should be implemented on the network in order to ensure security measures are implemented on the network. To enhance the security of sensitive communications using a VPN, it should implement two-factor authentication in order to enhance the level of security. Finally, and most importantly, it is essential to be aware of and to comply with the laws that apply to your state, country, and the international landscape in order to avoid unnecessary complications.

Subscribe Your Email for Newsletter