Who is to blame if your identity is misused? Do you have any recourse against where or how the thief obtained your identity in the first place? Yes, you do!

When an organization who you have given your PII (personal identifying information; such as social security number, birth date, mother’s maiden name, account numbers, and the list goes on…) to is liable if they have not taken “reasonable steps” to protect your information by the Federal Trade Commission.

This posting is the first in a series that will pertain to laws that any and all organizations must comply with for protecting personal identifying information. If you happen to be responsible for an organization, this series will be important information on what you must do to address Federal Trade Commission compliance issues.

If you are an individual, this series will inform you as to what you can expect from an organization you have entrusted to maintain your Personal Identifying Information in order for you to do business with them. You may be an employee, customer, sub-contractor, or vendor. We will cover how an individual can minimize their liability for fraudulent transactions and how the organization can do the same. Your questions are welcomed as we address these responsibilities on each side of an identity theft incident. So let’s get started…

The law states that if an individual brings notice to an organization that a fraudulent transaction occurred within two business days, the maximum liability they can be held for is $50.00 If the fraudulent transaction is reported to the organization after two days but before 60 days, their maximum liability is $500. If the fraudulent transaction is reported to the organization after 60 days, the organization has full right to expect payment in full from the victim as their statutory limit has expired.

Lesson for the individual: When you receive a statement in the mail from any organization, you must review it immediately for any fraudulent transactions. Failing to do so may mean you will have to honor the transaction in full after 60 days. For more information on how to file an identity theft affidavit see our website for the procedure you must file to make a claim if identity theft.

Lesson for the organization: You must report transactions to your customer on a regular basis or the statutory clock will not start. For more information on how to handle a fraudulent identity theft claim made by an individual see our website for the procedure you must follow to process such a claim. (You will find how to assist victims about half-way down the page.)

In the next part of this series I will cover some examples that victims have reported. If you have any questions in the meantime or examples of your own, please post a reply and I will be sure to address your contribution.

Bob Listerman - ID Theft Bob Listerman, CPA, CITRMS
(Certified Identity Theft Risk Management Specialist)