HOUSE CONSUMER AND PUBLIC AFFAIRS COMMITTEE SUBSTITUTE FOR
HOUSE BILL 251
47th legislature - STATE OF NEW MEXICO - second session, 2006
AN ACT
RELATING TO CRIMINAL LAW; PROVIDING REMEDIES TO VICTIMS OF IDENTITY THEFT; PROVIDING FOR IDENTITY THEFT PASSPORTS; REQUIRING POLICE REPORTS; ALLOWING FOR REMOVAL OF A FALSE IDENTITY IN CRIMINAL RECORDS; ALLOWING FOR A SECURITY FREEZE ON CREDIT REPORTS; PROVIDING FOR BLOCKING OF FRAUDULENT INFORMATION ON CREDIT REPORTS; EXTENDING THE TIME LIMIT FOR PROSECUTION OF CERTAIN CRIMES; CLARIFYING DEFINITIONS; PROVIDING FOR CIVIL LIABILITY.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:
Section 1. Section 30-1-8 NMSA 1978 (being Laws 1963, Chapter 303, Section 1-8, as amended) is amended to read:
"30-1-8. TIME LIMITATIONS FOR COMMENCING PROSECUTION.--[No] A person shall not be prosecuted, tried or punished in any court of this state unless the indictment is found or information or complaint is filed [therefor] within the time as provided:
A. for a second degree felony, within six years from the time the crime was committed;
B. for a third or fourth degree felony, within five years from the time the crime was committed;
C. for a misdemeanor, within two years from the time the crime was committed;
D. for a petty misdemeanor, within one year from the time the crime was committed;
E. for any crime against or violation of Section
51-1-38 NMSA 1978, within three years from the time the crime was committed;
F. for a felony pursuant to [Sections] Section 7-1-71.3, 7-1-72 or 7-1-73 NMSA 1978 [or Section 4 of this 2005 act], within five years from the time the crime was committed; provided that for a series of crimes involving multiple filing periods within one calendar year, the limitation shall begin to run on December 31 of the year in which the crimes occurred;
G. for an identity theft crime pursuant to Section 30-16-24.1 NMSA 1978, within five years from the time the crime was discovered;
[G.] H. for any crime not contained in the Criminal Code or where a limitation is not otherwise provided for, within three years from the time the crime was committed; and
[H.] I. for a capital felony or a first degree [violent] felony, no limitation period shall exist and prosecution for these crimes may commence at any time after the occurrence of the crime."
Section 2. Section 30-16-24.1 NMSA 1978 (being Laws 2001, Chapter 138, Section 1, as amended) is amended to read:
"30-16-24.1. THEFT OF IDENTITY--OBTAINING IDENTITY BY ELECTRONIC FRAUD.--
A. Theft of identity consists of:
(1) willfully obtaining, recording or transferring personal identifying information of another person without the authorization or consent of that person and with the intent to defraud that person or another or with the intent to sell or distribute the information to another for an illegal purpose; or
(2) using personal identifying information of another person, whether that person is dead or alive, or of a false or fictitious person, to avoid summons, arrest or prosecution or to impede a criminal investigation.
B. Obtaining identity by electronic fraud consists of knowingly and willfully soliciting, requesting or taking any action by means of a fraudulent electronic communication with intent to obtain the personal identifying information of another.
C. As used in this section:
(1) "fraudulent electronic communication" means a communication by a person that is an electronic mail message, web site or any other use of the internet that contains fraudulent, false, fictitious or misleading information that depicts or includes the name, logo, web site address, email address, postal address, telephone number or any other identifying information of a business, organization or state agency, to which the person has no legitimate claim of right; [and]
(2) "personal identifying information" means information that alone or in conjunction with other information identifies a person, including the person's name, address, telephone number, driver's license number, social security number, date of birth, biometric data, place of employment, mother's maiden name [of the person's mother], demand deposit account number, checking or savings account number, credit card or debit card number, personal identification number, electronic identification code, automated or electronic signature, passwords or any other numbers or information that can be used to access a person's financial resources, obtain identification, act as identification or obtain goods or services; and
(3) "biometric data" means data, such as finger, voice, retina or iris prints or deoxyribonucleic acid, that capture, represent or enable the reproduction of unique physical attributes of a person.
D. Whoever commits theft of identity is guilty of a fourth degree felony.
E. Whoever commits obtaining identity by electronic fraud is guilty of a fourth degree felony.
F. Prosecution pursuant to this section shall not prevent prosecution pursuant to any other provision of the law when the conduct also constitutes a violation of that other provision.
G. In a prosecution brought pursuant to this section, the theft of identity or obtaining identity by electronic fraud shall be considered to have been committed in the county:
(1) where the person whose identifying information was appropriated, obtained or sought resided at the time of the offense; or
(2) in which any part of the offense took place, regardless of whether the defendant was ever actually present in the county.
H. A person found guilty of theft of identity or of obtaining identity by electronic fraud shall, in addition to any other punishment, be ordered to make restitution for any financial loss sustained by a person injured as the direct result of the offense. In addition to out-of-pocket costs, restitution may include payment for costs, including attorney fees, incurred by that person in clearing the person's credit history [or], credit rating, criminal history or criminal charges or costs incurred in connection with a [civil or administrative] legal proceeding to satisfy a debt, lien, judgment or other obligation of that person arising as a result of the offense.
I. The sentencing court shall issue written findings of fact and may issue orders as are necessary to correct [a public record] public records and errors in credit reports and identifying information that [contains] contain false information as a result of the theft of identity or of obtaining identity by electronic fraud."
Section 3. A new section of Chapter 29 NMSA 1978 is enacted to read:
"[NEW MATERIAL] IDENTITY THEFT REPORTS.--When a law enforcement officer interviews an alleged identity theft victim, the law enforcement officer shall make a written report of the information provided by the victim and by witnesses on appropriate forms provided by the attorney general. A copy of the police report shall be filed with the office of the attorney general."
Section 4. [NEW MATERIAL] USE OF FALSE IDENTITY BY A PERSON CHARGED WITH A CRIME--EXPUNGEMENT FROM POLICE AND COURT RECORDS.--
A. A person whose name or other identifying information was used, without consent or authorization, by another person who was charged, arrested or convicted of a crime while using such name or identification may, with notice to the prosecutor, file a petition in the criminal action, if pending, or if the criminal action is not pending, then in a court of competent jurisdiction, requesting a determination of factual innocence and an expungement of the petitioner's personal identifying information from the record. If the court finds by clear and convincing evidence that the petitioner did not commit the offense with which the petitioner's identity has been associated, the court shall issue an order certifying the petitioner's factual innocence.
B. When a court finds a petitioner factually innocent pursuant to Subsection A of this section, the court shall order that the petitioner's name and other identifying information contained in the court records be removed and the records labeled to show that, due to identity theft, the information is not accurate and does not reflect the perpetrator's true identity. The court shall also order expungement of the arrest information pursuant to Section 29-3-8.1 NMSA 1978.
C. A court may at any time vacate the determination of factual innocence if the petition, or information submitted in support of the petition, contains a material misrepresentation or fraud. If the court vacates the determination, the court shall rescind all orders made pursuant to this section.
Section 5. [NEW MATERIAL] IDENTITY THEFT PASSPORT--DATABASE.--
A. The attorney general, in cooperation with the department of public safety and the motor vehicle division of the taxation and revenue department, shall issue an identity theft passport to a person who claims to be a victim of identity theft pursuant to Section 30-16-24.1 NMSA 1978, and who provides to the attorney general:
(1) a certified copy of a court order obtained pursuant to Section 4 of this 2006 act or a full set of fingerprints;
(2) a driver's license or other government-issued identification or record; and
(3) other information as required by the attorney general.
B. An identity theft passport shall contain a picture of the person to whom it was issued and other information as the attorney general deems appropriate.
C. The attorney general may enter into a memorandum of understanding with the motor vehicle division of the taxation and revenue department for the development and issuance of a secure form of identity theft passport. When an identity theft passport is issued, the motor vehicle division shall note on the person's driver record that an identity theft passport has been issued.
D. An identify theft passport shall be accepted as evidence of identity by law enforcement officers and others who may challenge the person's identity.
E. The attorney general shall maintain a database of identity theft victims who have reported to a law enforcement agency or have been issued an identity theft passport. The attorney general may provide access to the database only to criminal justice agencies. For purposes of identification and authentication, the attorney general may allow access to specific information about a person who has become a victim of identity theft to that person or to that person's authorized representative.
F. The attorney general shall keep on file each application for an identity theft passport and each police report of identity theft submitted by a law enforcement agency.
G. The attorney general shall prepare and make available to local law enforcement agencies and to the general public an information packet that includes information on how to prevent and stop identity theft.
Section 6. Section 56-3-1 NMSA 1978 (being Laws 1969, Chapter 259, Section 1, as amended) is amended to read:
"56-3-1. DEFINITIONS.--As used in [this act] Chapter 56, Article 3 NMSA 1978:
A. "credit bureau" means any business engaged in furnishing credit information about consumers; [and]
B. "credit report" means a written, oral or other communication of information by a credit bureau bearing on a consumer's credit, credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living that is used or expected to be used or collected for the purpose of serving as a factor in establishing the consumer's eligibility for credit, insurance, investment, benefit, employment or other purpose as authorized by the federal Fair Credit Reporting Act, 15 U.S.C. 1681a;
[B.] C. "consumer" means any natural person in the general consuming public who seeks or is seeking credit for personal, family or household purposes or who is a subject of a credit report; and
D. "security freeze" means a prohibition on a credit bureau from releasing all or any part of a credit report or any information derived from a credit report."
Section 7. A new section of Chapter 56, Article 3 NMSA 1978 is enacted to read:
"[NEW MATERIAL] SECURITY FREEZE.--
A. A consumer may elect to place a security freeze on the consumer's credit report by making a request to a credit bureau in writing by means of certified or overnight mail, by telephone or through a secure electronic mail connection.
B. No later than five business days after receiving a request for a security freeze, a credit bureau shall:
(1) place a security freeze on a consumer's credit report;
(2) send a written confirmation of the security freeze to the consumer; and
(3) provide the consumer with a unique personal identification number or password to use if the consumer chooses to authorize the release of the consumer's credit report to a specific person or to lift the security freeze temporarily or permanently.
C. While a security freeze is in place, a consumer may authorize a credit bureau to release the consumer's credit report to a specific person or to lift the security freeze for a specific period of time by providing the credit bureau with the personal identification number or password, verification of the consumer's identity and information regarding the person who is to have access to the credit report or the period of time for which the security freeze is to be lifted. The credit bureau shall authorize the release of the consumer's credit report or lift the security freeze as requested within three business days after receiving the request from the consumer.
D. If a third party requests access to a credit report on which a security freeze is in effect for the purpose of receiving, extending or otherwise using the credit in that report, the credit bureau shall notify the consumer that an attempt was made to access the consumer's credit report.
E. If a credit bureau releases information on a credit report on which a security freeze is in effect, it shall notify the consumer within five business days of the release of information, including the specific information released and the third party to whom it has been released.
F. A security freeze shall remain in place until a consumer requests that the security freeze be removed. A credit bureau shall remove the security freeze within three business days after receiving a request from a consumer who provides the personal identification number or password and verification of the consumer's identity.
G. A credit bureau shall not charge a fee for security freeze services, including the placement or lifting of a security freeze.
H. Nothing in this section prevents a credit bureau from advising a third party that a security freeze has been placed on a credit report. A credit bureau shall not suggest or otherwise state or imply to a third party that the security freeze reflects a negative credit score, history, report or rating.
I. Nothing in this section prevents a credit bureau from supplying information to a non-credit-granting governmental agency pursuant to the provisions of Section 56-3-3 NMSA 1978 or to governmental agencies investigating fraud, delinquent taxes, unpaid court orders or other statutory responsibilities."
Section 8. A new section of Chapter 56, Article 3 NMSA 1978 is enacted to read:
"[NEW MATERIAL] BLOCKING FRAUDULENT INFORMATION.--
A. If a consumer alleges identity theft and provides to a credit bureau a copy of a valid police report describing the identity theft circumstances, the credit bureau shall promptly block the reporting of any information that the consumer alleges appears on the consumer's credit report as a result of identity theft.
B. A credit bureau may decline to block or may rescind a block of information in a credit report if:
(1) in the exercise of good faith and judgment, the credit bureau believes that the information was blocked due to a misrepresentation of a material fact by the consumer;
(2) the consumer agrees that portions or all of the blocked information was blocked in error;
(3) the consumer knowingly received goods, services or money as a result of the blocked information; or
(4) the credit bureau, in the exercise of good faith and judgment, has substantial reason based on specific, verifiable facts to doubt the authenticity of the alleged identity theft.
C. If the block on credit report information is rescinded pursuant to Subsection B of this section, the consumer shall be notified by the credit bureau within five business days that the information is no longer blocked and the reasons why it is no longer blocked.
D. A credit bureau shall delete from a consumer's credit report inquiries for credit reports based upon credit requests that the credit bureau verifies were initiated as a result of the alleged identity theft."
Section 9. A new section of Chapter 56, Article 3 NMSA 1978 is enacted to read:
"[NEW MATERIAL] VIOLATION OF SECURITY FREEZE--CIVIL LIABILITY.--If a credit bureau releases information placed under a security freeze in violation of the provisions of Section 7 of this 2006 act, the affected consumer may bring a civil action against the credit bureau for:
A. injunctive relief to prevent further violation of the security freeze;
B. any actual damages sustained by the consumer as a result of the violation;
C. a civil penalty in an amount not to exceed ten thousand dollars ($10,000) for each violation of the security freeze; and
D. costs of the action and reasonable attorney fees."
Section 10. EFFECTIVE DATE.--The effective date of the provisions of this act is July 1, 2006.
- 15 -