117 STAT. 1962
PUBLIC LAW 108–159—DEC. 4, 2003 30 days after the date of receipt of a request from a victim in accordance with paragraph (3), and subject to verification of the identity of the victim and the claim of identity theft in accordance with paragraph (2), a business entity that has provided credit to, provided for consideration products, goods, or services to, accepted payment from, or otherwise entered into a commercial transaction for consideration with, a person who has allegedly made unauthorized use of the means of identification of the victim, shall provide a copy of application and business transaction records in the control of the business entity, whether maintained by the business entity or by another person on behalf of the business entity, evidencing any transaction alleged to be a result of identity theft to— ‘‘(A) the victim; ‘‘(B) any Federal, State, or local government law enforcement agency or officer specified by the victim in such a request; or ‘‘(C) any law enforcement agency investigating the identity theft and authorized by the victim to take receipt of records provided under this subsection. ‘‘(2) VERIFICATION OF IDENTITY AND CLAIM.—Before a business entity provides any information under paragraph (1), unless the business entity, at its discretion, otherwise has a high degree of confidence that it knows the identity of the victim making a request under paragraph (1), the victim shall provide to the business entity— ‘‘(A) as proof of positive identification of the victim, at the election of the business entity— ‘‘(i) the presentation of a government-issued identification card; ‘‘(ii) personally identifying information of the same type as was provided to the business entity by the unauthorized person; or ‘‘(iii) personally identifying information that the business entity typically requests from new applicants or for new transactions, at the time of the victim’s request for information, including any documentation described in clauses (i) and (ii); and ‘‘(B) as proof of a claim of identity theft, at the election of the business entity— ‘‘(i) a copy of a police report evidencing the claim of the victim of identity theft; and ‘‘(ii) a properly completed— ‘‘(I) copy of a standardized affidavit of identity theft developed and made available by the Commission; or ‘‘(II) an affidavit of fact that is acceptable to the business entity for that purpose. ‘‘(3) PROCEDURES.—The request of a victim under paragraph (1) shall— ‘‘(A) be in writing; ‘‘(B) be mailed to an address specified by the business entity, if any; and ‘‘(C) if asked by the business entity, include relevant information about any transaction alleged to be a result of identity theft to facilitate compliance with this section including—
VerDate 11-MAY-2000
10:15 Aug 27, 2004
Jkt 019194
PO 00000
Frm 00914
Fmt 6580
Sfmt 6581
D:\STATUTES\2003\19194PT2.001
APPS10
PsN: 19194PT2
�
