Attorney General Lockyer Alerts Consumers About Law to Help Prevent Identity Theft

Businesses Must Limit Use of Customers' Social Security Numbers

Monday, April 28, 2003
Contact: (916) 210-6000,

(SACRAMENTO) – Attorney General Bill Lockyer today reminded Californians about a new law that helps consumers protect themselves from one of the fastest-growing crimes in the state: identity theft. The law, which is being implemented in stages since July 1, 2002, requires businesses to limit how and when they display consumers' social security numbers (SSNs) and how and when they require customers to use SSNs as identification.

"Social security numbers are often used by health care providers as member I.D. numbers and by banks as checking account numbers," Lockyer said. "Criminals who steal wallets or mail or even root through someone's recycling bin can easily find this piece of information and use it to open credit card accounts, write bad checks, buy cars – you name it. This law is a first step in making it harder for thieves to get hold of your social security number."

The law, Civil Code § 1798.85, prohibits most businesses from using consumers' social security numbers in ways that make the numbers more accessible to identity thieves. Under the law, created by SB 168 and SB 1730, both authored by Senator Debra Bowen, D-Redondo Beach, most businesses now cannot:

Make a consumer's social security number available to the general public;

Print a consumer's SSN on any card required to access products or services;

Require consumers to transmit their SSNs over the Internet unless the connection is secure or the number itself is encrypted; or

Send materials containing SSNs through the mail, except for applications and forms.

The protections are not automatic if a business was already using a consumer's social security number in these ways before the law went into effect. Under the law, the business can continue to use SSNs if it gives the consumer an annual notice of the consumer's right to request that the company discontinue the practice. Consumers must make a written request to the business asking that it stop using their SSNs in the ways prohibited by the new law. The business then has 30 days to comply. A consumer may make this written request at any time.

Health care plans, providers and insurers must comply now with most of the law's restrictions. However, the prohibition on printing an SSN on a card used to access services will be phased in. For new policyholders, the prohibition will begin January 1, 2004; for existing policyholders, the provision will become effective as contracts or policies are renewed, but no later than July 1, 2005. Some insurers and providers already are honoring requests from subscribers to change account numbers. Consumers should check with their health plan to see if theirs is among them.

The law does not apply to government agencies and it does not prevent the collection, use or retention of social security numbers as required by state or federal law. It also allows companies to use social security numbers for internal verification or for administrative purposes. The law permits the use of SSNs in applications and forms sent by mail and it exempts certain records that are required to be open to the public pursuant to specified state laws.

Identity theft was recently listed by the Federal Trade Commission as that agency's No. 1 source of complaints in the past year. In California, identity theft claimed more than 30,000 victims last year alone. It can take identity theft victims several years to clear their credit records. In the meantime, victims may have trouble getting credit, renting apartments or finding jobs because many applications require a credit check as part of the approval process. Identity thieves can wreak havoc on a consumer's credit score by failing to pay credit card bills and other charges that are made in the consumer's name.

"Identity theft is a scourge of the information age," Lockyer said. "This bill will go a long way in helping consumers protect their identity, their bank accounts and their credit history."

Legislation is pending in Sacramento to expand the ban on using SSNs. AB 46 by Assemblyman Joe Simitian, D-Palo Alto, would prohibit California universities or colleges from using SSNs as student identifiers, and SB 25 by Sen. Bowen would prohibit state and local agencies from using SSNs as identifying numbers. The Attorney General's Office supports both bills.

Consumers who have a complaint about a business they believe is not complying with the law should contact the Attorney General's Public Inquiry Unit at (800) 952-5225, or file a complaint online at the Attorney General's website at . Consumers who feel they have been the victims of identity theft should file a report with their local law enforcement agency. Consumers also may report identity theft to their local district attorney or to the Attorney General's Public Inquiry Unit. A full list of tips for identity theft victims can be found at and at

# # #