State Victim Resources:
Agencies that offer assistance to IDT victims:
Legal Aid and Defender Association, Inc.
Program Phone: (313) 967-5555
Legal Assistance: (313) 964-4700
Legal Aid of Western Michigan
Program Phone: (616) 774-0672
Legal Assistance: (800) 442-2777
Legal Services of Eastern Michigan
Program Phone: (810) 234-2621
Legal Assistance: (800) 339-9513
Legal Services of Northern Michigan, Inc.
Program Phone: (989) 705-1067
Legal Assistance: (888) 645-9993
Legal Services of South Central Michigan
Program Phone: (734) 665-6181
Legal Assistance: (734) 665-6181
Michigan Indian Legal Services, Inc.
Program Phone: (231) 947-0122
Legal Assistance: (800) 968-6877
Elder Law of Michigan, Inc.
Toll Free: 1-866-400-9164
Elder Law of Michigan provides services that address a variety of issues and problems – including legal, financial, pension, economic, food security, and more.
Security Freeze Law:
No State law at this time. Security Freeze provided by the three Credit Reporting Agencies.
Mandatory Police Report Law for Identity Theft Victims:
Victims of identity theft are entitled to file a police report with a law enforcement agency in a jurisdiction where the alleged violation may be prosecuted, which includes the jurisdiction in which the offense occurred, in which the information used to commit the violation was illegally used, or the jurisdiction in which the victim resides. Victims are also entitled to a copy of the report from the law enforcement agency. Statute: §780.754a: http://legislature.mi.gov/doc.aspx?mcl-780-754a
Identity Theft Passport Law:
No State law at this time.
Identity Theft Laws:
State law prohibits a person from using or attempting to use the personal identifying information of another person, with intent to defraud or violate the law, or by concealing, withholding or misrepresenting the person’s identity, to obtain credit, goods, services, money, property, a vital record, a confidential telephone record, medical records or information, or employment; or commit another unlawful act. This includes the personal identifying information of a deceased person. This also includes:
- Obtaining or possessing, or attempting to obtain or possess, personal identifying information of another person with the intent to use that information to commit identity theft or another crime.
- Selling or transferring, or attempting to sell or transfer, personal identifying information of another person if the person knows or has reason to know that the specific intended recipient will use, attempt to use, or further transfer the information to another person for the purpose of committing identity theft or another crime.
- Falsifying a police report of identity theft, or knowingly creating, possessing, or using a false police report of identity theft.
Violations are a felony, punishable by up to five years in prison and/or a fine up to $25,000.
“Personal identifying information” means a name, number, or other information that is used for the purpose of identifying a specific person or providing access to a person’s financial accounts, including, but not limited to, a person’s name, address, telephone number, driver license or state personal identification card number, Social Security number, place of employment, employee identification number, employer or taxpayer identification number, government passport number, health insurance identification number, mother’s maiden name, demand deposit account number, savings account number, financial transaction device account number or the person’s account password, stock or other security certificate or account number, credit card number, vital record, or medical records or information.
Statute: §445.65: http://legislature.mi.gov/doc.aspx?mcl-445-65
Identity theft may be prosecuted in the jurisdiction in which the offense occurred, the jurisdiction in which the information used to commit the violation was illegally used, or the jurisdiction in which the victim resides. If the person is charged with more than one violation of identity theft crimes and those violations may be prosecuted in more than one jurisdiction, any of those jurisdictions may be used for prosecution.
Statute: §762.10c: http://legislature.mi.gov/doc.aspx?mcl-762-10c
Statute of Limitations:
Identity theft crimes can be prosecuted up to six years after the crime was committed or the identity of the thief was established.
Statute: §767.24: http://legislature.mi.gov/doc.aspx?mcl-767-24
Other Related Laws:
Financial transaction devices include electronic funds transfer cards, credit cards, debit cards, point-of-sale cards, and any instrument, device, card, account number, personal identification number, or code that can be used alone or in conjunction with another access device to obtain money, cash, credit, goods services, or anything of value; certify or guarantee the availability of funds; or provide access to a deposit account. It is a felony to:
- Possess, control, or receive from another person a financial transaction device with the intent to use, deliver, circulate, or sell the device without the consent of the device holder.
Statute: §750.157p: http://legislature.mi.gov/doc.aspx?mcl-750-157p
- Deliver, circulate, or sell a financial transaction device obtained or held fraudulently.
Statute: §750.157q: http://legislature.mi.gov/doc.aspx?mcl-750-157q
- Knowingly and with intent to defraud, make, directly or indirectly, a false statement in writing regarding identity to procure the issuance of a financial transaction device.
Statute: §750.157v: http://legislature.mi.gov/doc.aspx?mcl-750-157v
It is a misdemeanor, punishable by up to one year in jail and/or a fine up to $1000, to unlawfully use a device to capture personally identifiable information from a financial transaction device, by secretly or surreptitiously photographing, or otherwise capturing or recording, electronically or by other means. It is also a misdemeanor to distribute, disseminate, or transmit personal identifying information from a transaction that involves the use of a financial transaction device without the consent of the individual.
Statute: §750.539k: http://legislature.mi.gov/doc.aspx?mcl-750-539k
Social Security Numbers:
State law prohibits retailers from requiring a customer to disclose his/her Social Security number as a condition to selling goods or providing a service, unless the transaction included an extension of credit to the consumer or the disclosure was required by state or federal law.
Statute: §445.903: http://legislature.mi.gov/doc.aspx?mcl-445-903
State law restricts the public disclosure of Social Security numbers (SSNs) in order to prevent identity theft. It prohibits businesses from publicly posting of all or more than four sequential digits of an employee’s, student’s, or other individual’s SSN. It prevents businesses from using the complete SSN as a primary account number and from printing a SSN on any card or material mailed to an individual unless required by federal law. It also prohibits companies from requiring a consumer to transmit a SSN over the Internet, unless the connection is secure or the SSN is encrypted, and from requiring an individual to use his/her SSN to access the Web site, unless a password or unique personal identification number or other authentication device is also required to access the site.
Statute: §445.81 through 445.87: http://legislature.mi.gov/doc.aspx?mcl-Act-454-of-2004
Disposal of Records:
State law requires a person or agency that maintains a database that includes personal information regarding multiple individuals to destroy any data that contains personal information when that data is removed from the database. This includes destroying or arranging for the destruction of data by shredding, erasing, or otherwise modifying the data so that it cannot be read, deciphered, or reconstructed through generally available means.
Statute: §445.72a: http://legislature.mi.gov/doc.aspx?mcl-445-72a
Denial of Credit:
State law prohibits denying credit or public utility service or reducing a person’s credit solely because a consumer was a victim of identity theft. A consumer is presumed to be a victim of identity theft if he provides a copy of a police report evidencing the claim, and either a properly completed copy of a standardized affidavit of identity theft or an affidavit of fact.
Statute: §445.71: http://legislature.mi.gov/doc.aspx?mcl-445-71
State government agencies and businesses operating in the state that collect and maintain computerized records containing consumers’ personal information are required to notify consumers when their personal information is compromised during a security breach, putting them at risk of identity theft. A security breach occurs upon “unauthorized access and acquisition of data that compromises the security or confidentiality of personal information maintained by a person or agency as part of a database of personal information regarding multiple individuals.” After discovering or being notified of a breach of the security of the system, the database owner must disclose the breach to a resident whose unencrypted and
Un-redacted personal information was accessed and acquired by an unauthorized person, or whose encrypted personal information was accessed and acquired by an unauthorized person with access to the encryption key. Notification is not required unless the business or agency determines that the breach has not or is not likely to cause substantial loss or injury to, or result in identity theft, to residents of the state.
Personal information means the first name or first initial and last name linked to one or more of the following data elements: Social Security number, driver license number or state personal identification card number, demand deposit or other financial account number, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to any of the resident’s financial accounts.
The disclosure must be made without unreasonable delay, consistent with legitimate needs of law enforcement. Notification can be provided to the affected persons by mail, e-mail, or telephone, depending on the existing relationship between the business or agency and consumer. If the cost of providing regular notice would exceed $250,000 or the amount of people to be notified exceeds 500,000, substitute notice may be provided. When substitute notice is used, it must consist of all of the following, as applicable: e-mail notice, conspicuous posting on the entity’s web site, and notification to major statewide media. The consumer reporting agencies must also be notified when the breach is disclosed to more than 1,000 people at a time.
Statute: §445.72: http://legislature.mi.gov/doc.aspx?mcl-445-72