Skip to content
Main Menu ID Theft Central Search
Secondary Navigation »

The Law

Identity theft is not a new subject. It has been occurring for centuries in one form or another. What is new is the ease in which it is committed, the staggering numbers of victims and amount of loss. To combat identity theft, Utah’s Legislature has written many statutes. These statutes have been designed to provide effective tools for prosecutors to use in their fight against identity theft. Many of the statutes originated from a specific case or cases that indicated a need for new legislation.

Federal Identity Theft Laws





Below is a history in chronological order of Utah’s identity theft laws, which got their start in 2000 with the Identity Fraud Act.  Information on this page is a good example of the commitment and dedication Utah’s Legislature have toward combating the actions of thieves, and with helping the victims of identity theft crimes.


Identity Theft

identity theft

Section 76-6-1101 Created the crime of Identity Theft, which is known as the “Identity Theft Act.”


Section 76-6-1102; A person is guilty of identity fraud when that person knowingly or intentionally obtains personal identifying information of another person without the authorization of that person; and uses or attempts to use, that information with fraudulent intent, including to obtain, or attempt to obtain, credit, goods, services, any thin of value, or medical information in the name of another person without the consent of that person.

Identity Fraud is a (2002):

Class B misdemeanor if the value was less than $300.00

Class A misdemeanor if the value was greater than $300.00

Section 76-6-1103 provided that jurisdiction over identity fraud offenses was in any county where any part of the identity fraud took place and that the Division of Consumer Protection had had the responsibility for investigation of identity fraud violations. Also provided that a violation of this section was a prima facie violation of the Consumer Sales Practices Act.


SB207 to amend sections 76-6-110276-6-1102 and 1103

The identity fraud statute was amended to state that if the value could not be determined for the theft of medical records or for employment, and the theft occurred without the consent of the victim, then the crime was a class A misdemeanor.

Section 76-6-1103 was amended to reflect that in addition to investigations conducted by other law enforcement agencies the Division of Consumer Protection also has responsibility to investigate identity fraud crimes where identity fraud was the primary crime.

Section 76-6-1104 provided that the court shall make appropriate findings that the victim did not commit the identity theft offense.

Section 76-6-1102 was amended to recognize the significant impact of identity fraud crimes on victims. The identity fraud statute was amended to increase the penalties for the crime. Identity fraud became at least a class A misdemeanor and the class B crime status was eliminated. This legislation also eliminated the 90-day period to aggregate the offense in paragraph 4. Now there was no limit on the time in which the offense could be aggregate.

Section 76-6-1103 was amended to reflect that the Attorney General’s office was to handle investigations rather than the Department of Consumer Protection. This enabled Consumer Protection to hand over identity fraud investigations to the Attorney General’s office.

Section 13-11-4.5 removed language referencing consumer statute.

Section 76-10-1602; identity fraud was added to the list of crimes that could constitute a racketeering offense.

Financial Transaction Offenses


Section 76-6-506.7 of the Financial Transaction Card offenses were amended to make it a third degree felony to possess a financial transaction card with the intent to defraud or to capture the magnetic encoding on the card with the intent to defraud. It also provided that a subsequent conviction for this offense would be a second degree felony.

Sections 13-37-101, 201, 202; this law requires commercial entities that collect personal identifying information in consumer transactions to disclose to the consumer that the information is subject to resale to third parties. Section 202 gives the consumer the right to sue for $500.00 in damages if the disclosure is not made.

Section 13-37-101: this statute of the code was enacted to prohibit merchants from printing more than the last five numbers of a credit card on a receipt.

Section 13-37-102 provided for a private right of action against a person printing more than the last five digits of a credit card on a sale receipt.

Section 76-1-201; recognizing the identity fraud crimes can easily cross borders, the legislature amended this code section to broaden the jurisdiction of identity fraud offenses. This gave Utah courts jurisdiction over offenses committed out of state if the victim of the offense resides or is found in Utah.

Section 76-1-202 amended to broaden the venue on identity fraud cases to any county where the victim’s personal information was obtained, where the defendant used or attempted to use the personal information, where the victim of identity fraud is or is found or if multiple violations occurred all can be filed in any county where any of the above listed requirements are met.

Moreover, it enabled Utah prosecutors to file identity fraud cases occurring out of Utah. If the victim was here it enabled prosecutors to combine multiple offenses into a single venue for prosecution in one jurisdiction instead of being split up among several different jurisdictions.



Section 76-6-1102; identity fraud became a felony crime. Identity fraud is at least a third degree felony and becomes a second degree felony if the amount exceeds $5,000.00.

Section 76-6-1105; unlawful possession of another’s identification documents was added to the code.  Under this statute, if you have one other person’s identifying document without authorization you are guilty of a class A misdemeanor. If you are in possession of two or more people’s identifying documents you are guilty of a third degree felony.

Section 53-3-207; this statute was amended to reflect that driver’s licenses will not display a Social Security Number on them.

Section 53-3-411 amended to reflect that Commercial Driver Licenses would not display a Social Security Number.

Section 53-3-805 amended to reflect that state issued ID cards would not display a Social Security Number.

Section 76-6-1102 amended to include deceased individuals. In other words, stealing a deceased person’s identity qualifies as identity fraud.

Section 53-3-221 amended this section to make it possible for the Utah Drivers License Division to suspend or revoke a driver’s license if a person knowingly possessed, acquired, used or displayed what purported to be a valid driver’s license.

Section 53-3-229 amended to make it a class B crime to possess, acquire, use or display a non-valid driver’s license. If an individual attempted to use a non valid license to purchase alcohol or cigarettes it was a class A misdemeanor and if the individual was using the non valid driver’s license to fraudulently acquire goods or services it was a third degree felony.

Furthermore, if the possession or use of the non-valid driver’s license was to aid the commission of a violent felony, then it was a second degree felony.

Section 76-6-1102; identity thieves only have to knowingly and intentionally use id’s that they know is not theirs. The prosecution needs only to prove the thief’s use of the id and that it was not his/hers; a simpler burden.

The language “It is not a defense to a violation of identity fraud that the person did not know that the personal information belonged to another person” was also added to make the intent of the word change clear.


Data Breach


Sections 13-42-101, 102, 202; these sections of the Utah code defines what a breech of system security is, personal information that is limited to unencrypted personal information and describes what notice is to be given if a data base breech occurs.

These sections are limited to only computer databases with unencrypted information. The person who has the data base breech is to conduct an investigation and if it is reasonably determined that the data may be used for identity theft or fraud, then notice shall be given. Notice can be given electronically, in writing, by phone or by publication.

Consumer Credit Freeze


Sections 13-42-201, 203, 204, and 205; these sections were added to the Utah code to create for the first time in Utah the ability of a person to place a credit freeze on his or her credit report and protect his or her credit rating.  The credit freeze statute was written to allow for the first 15 minute thaw cycle in the nation. Now Utah consumers can freeze their credit reports and prevent identity thieves from gaining credit using victims information.

Sections 13-42-201 provides that a person conducting business in Utah and maintains personal information shall implement and maintain reasonable procedures to prevent unlawful use or the disclosure of personal information and that they will destroy all records containing personal information that are not retained. The destruction shall be by shredding, erasing or otherwise modifying the personal information to make the information indecipherable.

Section 13-42-301; this section was enacted to provide that Social Security Numbers were not to be displayed in a location that would be open to public view. It also provides that an inmate in a Department of Corrections facility or county jail cannot be used in any state contract where the inmate would have access to personal information.

Section 13-42-401 provides that the Attorney General may enforce these sections by providing a of $2,500.00 per consumer up to $100,000.00 and may also seek injustice relief.

Section 76-10-1801; a new section was added to Communications Fraud to address the crimes of “phishing” and “pharming.”  The use of a fictitious email or website to induce a person to give sensitive information that could be used to gain access to their bank accounts. The new section provides that a person whose intent is to acquire sensitive personal information by the use of a scheme or artifice is guilty of a second degree felony.


Utah Department of Workforce Services

workforce services

Section 35A-4-312.5 amended to allow the Department of Workforce Service to contact the person who was the victim of the identity theft and report the misuse of the Social Security Number.  The Department of Workforce Services was also allowed to share its data with law enforcement. The law is limited to identity theft.

Section 76-10-1301 amended to lower the penalty for a Department of Workforce Services employee who disclosed too much information to a class C misdemeanor.

S.B.140 amended UCA 76-6-1102 to state identity fraud is an automatic second degree felony if the fraudulent use of personal identifying information results, directly or indirectly, in bodily injury to another person.

Sections 26-2-4 and 26-2-13; these sections were amended to eliminate the inclusion of a Social Security Number on a Death Certificate issued by the State of Utah.


Identity Theft Reporting Information System


Section 67-5-22; this bill provides statutory recognition for the Identity Theft Reporting Information system (IRIS) and came with $400,000.00 appropriation of funds to help develop IRIS.

Section 63-2-304; this section (renumbered 63G-2-304) of the Government Records Access Management Act (GRAMA) was amended to exempt the IRIS database from its requirements.

Section 67-5-22 amended to specifically recognize IRIS in legislation. States IRIS is to be maintained by the Attorney General’s office and is to provide assistance and resources to victims of identity theft, provide public education and information. It also provided for a database in the Department of Technology Services. It also stated the Department of Technology Services, with the approval of the Attorney General’s office could make rules to administer the database and control access to it. It specifically addressed access by law enforcement, participating merchants and financial institutions. It provided that disclosure of information or an attempt to gain access to information by fraud is a third degree felony.

Section 76-6-1102 amended to include the addition of birth date in the definition of personal information and employment was added back into the statute as one of the enumerated items that are listed as examples of identity theft (although the wording did not come out as clear as it should have). Most important is the addition of restitution to victims of identity theft. Identity theft victims traditionally have spent hours of their time arguing with creditors and credit bureaus to clear up the damage done by an identity theft. Most restitution statutes do not include this time and any associated expenses as part of the restitution ordered. This section of the code makes clear that restitution shall be ordered for cost incurred, attorney’s fees, lost wages and value of the victim’s time spent clearing up credit issues or time lost in any proceedings to clear up any debt.

Section 13-44-301 amended to add that the Attorney General’s office could subpoena witnesses and documents, require the production of books, papers, contracts, records or other information relevant to an investigation and adjudicate a case administratively. This makes it possible to enforce the provisions of the Consumer Protection Act. Funding for this enforcement can come from the Attorney General’s Litigation Fund.

Sections 41-12a-803 and 805 amendments to these sections of the Motor Vehicle code were made to allow law enforcement officers to have access to the Uninsured Motorist Database to aid in their investigations of identity theft and other crimes.


Section 26-21-25; this bill amended the Health Care Facility Licensing and Inspection Act by providing measures to discourage identity theft and health insurance fraud.

Section 76-6-1102 amended to include the use of identity fraud to obtain employment as part of the offense.


Civil Action


Section 78B-2-1701; this bill creates a civil action for damages for an identity theft victim against a perpetrator.


Section 35A-4-312.5; this bill amends the Child Identity Theft provisions to include a program operated by the attorney general that uses IRIS and allows the attorney general to enter into an agreement with a third party to transmit verified personal information of a person younger than 18 years of age through secured means to enable the protection of the person’s Social Security number from misuse.


Section 76-6-1102 amended to provide that someone is guilty of identity fraud when they knowingly use or attempts to use personal identifying information of another, whether that person is alive or deceased.

Section 76-6-1102 amended to add “photographic or realistic likeness” to the list of personal identifying information a persona may use to commit identity fraud.

More to come…


































Site SettingsSettings