California Enacts Tough Anti-Phishing Law
State becomes the first to spell out penalties for Internet fraudsters who steal identities.
California Gov. Arnold Schwarzenegger on Friday signed anti-phishing legislation into law, making California the first state to spell out penalties for Internet fraudsters who steal identities.
The Anti-Phishing Act of 2005, sponsored by state Sen. Kevin Murray, a Democrat from Los Angeles, "makes it unlawful for any person, through the Internet or other electronic means, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the approval or authority of the business."
- Why Rational Development Solutions for Power?
- 2012 IBM Chief Information Security Officer Assessment
Murray's bill defines "identifying information" as everything from a Social Security or credit card number to an account password or PIN, and levies fines of up to $2,500 per violation against those convicted phishers. Victims, meanwhile, may seek actual damages, or $500,000 per violation, whichever is greater.
The Anti-Phishing Act of 2005 passed the Senate in late August by a vote of 37-1, with 2 abstaining.
On Friday, Schwarzenegger signed the anti-phishing bill into law, and in a statement, said "More Internet predators seeking to steal consumer identities can now be criminally prosecuted in our state. As Governor I will continue to work toward ensuring California consumers are protected from unscrupulous and irresponsible practices."
Text of the bill can be found on the California legislative site.