Skip to content
Main Menu ID Theft Central Search
Secondary Navigation »

Child Identity Theft

Each year, many Utah children become victim’s of identity theft. Thieves are using children’s Social Security numbers to obtain employment, government benefits, utilities, auto loans, credit accounts, medical care, and mortgages. All of which could harm your child’s credit history and/or prevent them from obtaining loans or government benefits in the future. You can help prevent child identity theft by keeping your child’s Social Security number in a secured location, and by only providing it to the IRS for tax purposes, and to organizations that you trust will keep it safe.

However, thieves can still get your child’s Social Security number, even after you have taken all of the preventative steps. In these situations, thieves typically obtain Social Security numbers that were manufactured in an illegal “document mill” and sold out on the street. Thieves primarily use the stolen Social Security numbers to obtain employment. When this happens, you cannot prevent the misuse of your child’s Social Security Number. Fortunately, Utah’s Legislature passed Section 35A-4-312.5 to specifically deal with this type of identity theft. The statute allows the Department of Workforce Services to notify the person and report the misuse of their Social Security number. The statute also allows the Department of Workforce Services to share the work history information of the victim with law enforcement, so that they can investigate the crime.

Repair the Damage

If you have received a notice from the Department of Workforce Services or another government agency regarding the misuse of your child’s Social Security number, or if you know that your child’s identity is being misused, do the following:

  • Report the crime at ID Theft Central, or to your local police department.
  • Make sure you receive a police report with a case number.
  • Ask the investigating officer to request a work history report on the misused Social Security number from the Department of Workforce Services. This will help the police investigate the crime.
  • If your child is under the age of 17, be sure to enroll the child in the Child Identity Protection program at ID Theft Central
  • Contact the three credit reporting agencies to check whether your child has a credit report.
  • Equifax 1-800-525-6285
  • Experian 1-888-397-3742
  • TransUnion 1-800-680-7289
  • Contact any financial institution where a credit account was created and ask them to close the account. You may need to provide the bank your police report and an affidavit.
  • Contact the government agency that refused your child benefits and provide them a copy of your police report to prove your child is a victim of identity theft. You also may need to provide the agency with a copy of your child’s Birth Certificate and Social Security card in order to prove your child is the not the person using the information for employment.

Warning Signs

There are warning signs that may help you become aware that someone is misusing your child’s Social Security number to commit identity theft.  You or your child might:

  • receive a notice from the Department of Workforce Services or another government agency.
  • get turned down for government benefits, because someone else is receiving benefits using your child’s Social Security number.
  • be contacted by a collection agency for debt that was acquired using your child’s information.
  • receive bills or notices for products or services you did not authorize.
  • get a notice from the IRS indicating taxes were not paid on income, or that your child’s Social Security number was used on another tax return.


Take steps to protect your child’s identity from misuse:

  • Keep you children’s Social Security numbers in a secured location.
  • Do not store your child’s Social Security number in your wallet or purse.
  • Do not allow others to use your child’s Social Security number.
  • Do not share your child’s Social Security number unless it is with a trusted organization.  Be sure to ask why the organization needs the Social Security number, how it will be protected, how long will they maintain the number, and how will they dispose of the number.
  • Do not let an adult “adopt” your child’s Social Security number, so that they can obtain employment, get out of financial trouble, or acquire a loan.

When Your Child Turns 16

It is a good idea to contact the three credit reporting agencies when your child is close to the age of 16 to check whether they have a credit report.  If there is one, and it is not accurate due to fraud or misuse, make sure you work with the credit reporting agencies to get the information cleared from the report.




Data Breach Law Analysis

Analysis and practice notes on Utah’s Database Breach Law:

Consumer Protection Act Sections 13-44-101, 102, 201, 202, 301.
This law only applies to computerized data containing personal identifying information on Utah residents. If someone looses, for whatever reason, paper data or some form of data that is not computerized, then the law does not apply and no notice has to be given. Moreover, if the data belongs to persons who live in another state, no notice is required.
Query: If data on a computer is printed out on paper is it computerized data? The answer is most likely no and therefore no notice has to be given.

Definition of Personal information is limited to a person’s name coupled with Social Security Number, account number, credit or debit card number, security code or access code to the persons account, driver’s license number, or identification number. There is no provision for other personal data or a catch all for data that could otherwise be used to commit identity theft. Therefore, personal information that is not enumerated is not subject to notification.

Note: The definitions section states that personal information is limited to unencrypted personal information or information that is not protected by another method that renders the data unreadable or unusable. There is no standard for what is rendered unusable. Presumably if the data is protected by spelling it backwards, a readily breakable security measure, it is unreadable and therefore not subject to the disclosure requirements. Therefore, if you have a breach of data that is computerized but subject to some form of encryption, no matter how simple, no notice is required.

Also contained in the definitional section is the escape clause that states that if the personal information is contained in any governmental or private database that is lawfully made available to the public, it is not required that the breach of even an unrelated database is subject to the notice requirements.

If there is a data base breech of computerized data that is not encrypted, is notice required? Not yet. First, the entity that has suffered the breech “shall” conduct a “reasonable and prompt” investigation to determine the likely hood that the personal information has been or will be misused for identity theft or fraud purposes. If the investigation determines that the data is to be used by an angry former husband to track down his ex wife and do her in, there is no requirement for notice. If the investigation determines that there is not a reasonable likely hood of identity theft or fraud, notice is not required. If the entity determines that identity theft or fraud has occurred or there is a reasonable likelihood that the data is to be used for identity theft or fraud, then notice is required to be given (in the most expedient time possible without unreasonable delay).
Example: Computerized data containing unencrypted personal information, not otherwise available in a public record, is contained in a laptop. The laptop is stolen in a burglary with other items. Was the laptop stolen for its intrinsic value or was it stolen because the thief thought he would use the information for identity theft or fraud purposes. A reasonable investigation could easily arrive at the conclusion that the laptop was stolen for its value and not the information contained therein. Therefore no notice would be required.

Provided a data base breech requires notification, what form of notice is required? Notice can be in person by talking to the potential victims, by telephone, by e-mail or by putting and ad in a newspaper of general circulation.

Finally, if a person maintains his or her own notification procedure as part of “an information security policy” and provides notice consistent with the Utah law, i.e. “in the most expedient time possible without unreasonable delay.” He or she is considered in compliance with the Utah law. Likewise anyone who is regulated by another security breech law and who gives Utah residents notice under that law or policy is not subject to the Utah Law.


An investment in learning about identity theft today will not only help protect your identity from thieves, but may also help restore your good name and credit if you become a victim of identity theft. Take a moment to learn how to protect yourself against identity theft and how to resolve the problems associated with this crime.

ID Theft Central is designed to launch a process of learning about identity theft.

Credit reporting agencies

Protect your identity with these services

Child Identity Theft

Learn the basics of identity theft


Site SettingsSettings