Virgin Islands The Identity Theft Prevention Act
14 V.I.C. § 2220, et seq.
Virgin Islands Code Annotated
TITLE FOURTEEN Crimes (Chs. 1 — 124)
Chapter 110. Theft (Subch. I)
Subchapter I. Identity Theft (§§ 2200 — 2212)
§ 2200. Short title
§ 2201. Definitions
§ 2202. Identity theft
§ 2203. Aggravated identity theft
§ 2204. Civil remedies
§ 2205. Offenders interest in the property
§ 2206. Mandating law enforcement agencies to accept and provide reports; judicial factual determination
§ 2207. Chapter not exclusive § 2208. Notices of security breach
§ 2209. Disclosure of breach of security
§ 2210. Waiver unenforceable
§ 2211. Remedies
§ 2212. Severability
§ 2200. Short title
This subchapter may be cited as “The Identity Theft Prevention Act.”
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, p. 336.
§ 2201. Definitions
In this subchapter unless the context otherwise requires:
(a) “Personal identification document” means a birth certificate, a drivers license, a state identification card, a public, government, or private employment identification card, a Social Security card, a firearm owner's identification card, a credit card, a debit card, or a passport issued to or on behalf of a person other than the offender, or any document made or issued, or falsely purported to have been made or issued, by or under the authority of the United States Government, the Government of the Virgin Islands, or any other state political subdivision of any state or territory, or any other governmental or quasi-governmental organization that is of a type intended for the purpose of identification of an individual, or any such document made or altered in a manner that it falsely purports to have been made on behalf of or issued to another person or by the authority of one who did not give that authority.
(b) “Personal identifying information” means any of the following information:
(1) A person's name;
(2) A person's address;
(3) A person's date of birth;
(4) A person's telephone number;
(5) A person's drivers license number or identification card as assigned by the Virgin Islands Police Department or a similar agency of another state or territory;
(6) A person's Social Security number;
(7) A person's public, private, or government employer, place of employment, or employment identification number;
(8) The maiden name of a person's mother
(9) The number assigned to a person's depository account, savings account, or brokerage account;
(10) The number assigned to a person's credit or debit card, commonly known as a “Visa Card”, “Master Card”, “American Express Card”, “Discover Card”, or other similar cards, whether issued by a financial institution, corporation, or business entity;
(11) Personal identification numbers;
(12) Electronic identification numbers;
(13) Digital signals;
(14) Any other numbers or information that can be used to access a person's financial resources, or to identify a specific individual.
(c) “Document-making implement” means any implement, impression, template, computer file, computer disc, electronic device, computer hardware, computer software, instrument, or device that is used to make a real or fictitious or fraudulent personal identification document.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, pp. 336, 337.
§ 2202. Identity theft
(a) A person commits the offense of identity theft when he or she knowingly:
(1) uses any personal identifying information or personal identification document of another person to obtain credit, money, goods, services, or other property fraudulently, or
(2) uses any personal identification information or personal identification document of another with intent to commit any felony theft or other felony violation of the laws of the Virgin Islands not set forth in paragraph (1) of this subsection (a), or
(3) obtains, records, possesses, sells, transfers, purchases, or manufactures any personal identification information or personal identification document of another with intent to commit or to aid or abet another in committing any felony theft or other felony violation of the laws of the Virgin Islands, or
(4) uses, obtains, records, possesses, sells, transfers, purchases, or manufactures any personal identification information or personal identification document of another knowing that such personal identification information or personal identification documents were stolen or produced without lawful authority, or
(5) uses, transfers, or possesses document-making implements to produce false identification or false documents with knowledge that they will be used by the person or another to commit any felony theft or other felony violation of law.
(b) Knowledge shall be determined by an evaluation of all circumstances surrounding the use of the other person's identifying information or document.
(c) When a charge of identity theft of credit, money, goods, services, or other property exceeding a specified value is brought, the value of the credit, money, goods, services, or other property is an element of the offense to be resolved by the trier of fact as either exceeding or not exceeding the specified value.
(d) Sentence.
(1) A person convicted of identity theft in violation of paragraph (1) of subsection (a) shall be sentenced as follows:
(A) identity theft of credit, money, goods, services, or other property not exceeding $300 in value is a misdemeanor. A person who has been previously convicted of identity theft of less than $300 who is convicted of a second or subsequent offense of identity theft of less than $300 is guilty of a felony and is punishable by a term of imprisonment of 1 year and not more than 4 years. A person who has been convicted of identity theft of less than $300 who has been previously convicted of any type of theft, robbery, armed robbery, burglary, residential burglary, possession of burglary tools, home invasion, home repair fraud, aggravated home repair fraud, or financial exploitation of an elderly or disabled person is guilty of a felony and is punishable by a term of imprisonment of 1 year and not more than 4 years. When a person has any such prior conviction, the information or indictment charging that person shall state the prior conviction so as to give notice of the Government's intention to treat the charge as a felony. The fact of the prior conviction is not an element of the offense and may not be disclosed to the jury during trial unless otherwise permitted by issues properly raised during the trial.
(B) Identity theft of credit, money, goods, services, or other property exceeding $300 and not exceeding $2,000 in value is a felony and is punishable by a term of imprisonment of 1 year and not more than 4 years.
(C) Identity theft of credit, money, goods, services, or other property exceeding $2,000 and not exceeding $10,000 in value is a felony and is punishable by a term of imprisonment of not less than 2 years and not more than 5 years.
(D) Identity theft of credit, money, goods, services, or other property exceeding $10,000 and not exceeding $100,000 in value is a felony and is punishable by a term of imprisonment of not less than 3 years and not more than 7 years.
(E) Identity theft of credit, money, goods, services, or other property exceeding $100,000 in value is a felony and is punishable by a term of imprisonment of not less than 4 years and not exceeding 15 years.
(2) A person convicted of any offense enumerated in paragraphs (2) through (5) of subsection (a) is guilty of a felony and is punishable by a term of imprisonment of 1 year and not more than 4 years.
(3) A person convicted of any offense enumerated in paragraphs (2) through (5) of subsection (a) a second or subsequent time is guilty of a felony that is punishable by a term of imprisonment of not less than 2 years and not exceeding 5 years.
(4) A person who, within a 12 twelve month period, is found in violation of any offense enumerated in paragraphs (2) through (5) of subsection (a) with respect to the identifiers of 3 or more separate individuals, at the same time or consecutively, is guilty of a felony that is punishable by a term of imprisonment of not less than 2 years and not exceeding 5 years.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, pp. 337–340.
§ 2203. Aggravated identity theft
A person commits the offense of aggravated identity theft when the person commits the offense of identity theft as; set forth in section 2202, subsection (a) against:
(1) A person who is 60 years of age or older;
(2) A dependent adult, as defined in 34 V.I.C. § 452; or
(3) A person who is less than 18 years of age.
(b) Knowledge shall be determined by an evaluation of all circumstances surrounding the use of the other person's identifying information or document.
(c) A defense to aggravated identity theft:
(1) as set forth in subsection (a)(l) of this section does not exist merely because the accused reasonably believed the victim to be a person less than 60 years of age; or
(2) as set forth in subsection (a)(2) of this section does not exist merely because the accused reasonably believed that the victim was not a dependent adult; or
(3) as set forth in subsection (a)(3) does not exist merely because the accused reasonably believed the victim to be a person over the age of 18.
(d) Sentence. Aggravated identity theft of any amount is a felony punishable by a fine up to $10,000 and by a term of imprisonment of up to 15 years for the first conviction:
A person who has been previously convicted of aggravated identity theft, who is convicted of a second or subsequent offense of aggravated identity theft, shall be punished by a term of imprisonment of not less than 6 years but not more than 30 years.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, pp. 340, 341; amended Mar. 23, 2016, No. 7840, §§ 1(a)–(c)(1)–(4), Sess. L. 2016, p. 6, 7.
§ 2204. Civil remedies
A person who is convicted of identity theft or aggravated identity theft is liable in a civil action to the person who suffered damages as a result of the violation. The person suffering damages may recover court costs, attorney's fees, lost wages, and actual damages.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, p. 341.
§ 2205. Offenders interest in the property
It is no defense to a charge of identity theft or aggravated identity theft that the offender has an interest in the credit, money, goods, services, or other property.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, p. 341.
§ 2206. Mandating law enforcement agencies to accept and provide reports; judicial factual determination
(a) A person who has learned or reasonably suspects that his or her personal identifying information has been unlawfully used by another may initiate a law enforcement investigation by contacting the Virgin Islands Police Department, which shall take a police report of the matter, provide the complainant with a copy of that report, and begin an investigation of the facts or, if the suspected crime was committed in a different jurisdiction, refer the matter to the law enforcement agency where the suspected crime was committed for an investigation of the facts.
(b) A person who reasonably believes that he or she is the victim of financial identity theft may petition a court, on its own motion or upon application of the prosecuting attorney, may move for an expedited judicial determination of his or her factual innocence, where the perpetrator of the financial identity theft was arrested for, cited for, or convicted of a crime under the victim's identity, or where a criminal complaint has been filed against the perpetrator in the victim's name, or where the victim's identity has been mistakenly associated with a criminal conviction. Any judicial determination of factual innocence made pursuant to this subsection (b) may be heard and determined upon declarations, affidavits, police reports, or other material, relevant, and reliable information submitted by the parties or ordered to be part of the record by the court. If the court determines that the petition or motion is meritorious and that there is no reasonable cause to believe that the victim committed the offense for which the perpetrator of the identity theft was arrested, cited, convicted, or subject to a criminal complaint in the victim's name, or that the victim's identity has been mistakenly associated with a record of criminal conviction, the court shall find the victim factually innocent of that offense. If the victim is found factually innocent, the court shall issue an order certifying this determination.
(c) After a court has issued a determination of factual innocence under this section, the court may order the name and associated personal identifying information contained in the court records, files, and indexes accessible by the public sealed, deleted, or labeled to show that the data is impersonated and does not reflect the defendant's identity.
(d) A court that has issued a determination of factual innocence under this section may at any time vacate that determination if the petition, or any information submitted in support of the petition, is found to contain any material misrepresentation or fraud.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, pp. 341, 342.
§ 2207. Chapter not exclusive
This chapter shall not be construed to preclude the applicability of any other provision of the criminal law of the Virgin Islands which presently applies or may in the future apply to any transaction that violates this chapter, unless such provision is inconsistent with the terms of this chapter.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, p. 342.
§ 2208. Notices of security breach
(a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of the Virgin Islands whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
(b) Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
(c) The notification required by this section may be delayed, if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section must be made after the law enforcement agency determines that it will not compromise the investigation.
(d) For purposes of this section, “breach of the security of the system” means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency. Good faith acquisition of personal information by an employee or agent of the agency for the purposes of the agency is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure.
(e) For purposes of this section, “personal information” means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
(1) Social Security number.
(2) Driver's license number.
(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
(f) For purposes of this section, “personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or territorial government records.
(g) For purposes of this section, “notice” may be provided by one of the following methods:
(1) Written notice.
(2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in section 7001 of Title 15 of the United States Code.
(3) Substitute notice, if the agency demonstrates that the cost of providing notice would exceed $100,000, or that the affected class of subject persons to be notified exceeds 50,000, or the agency does not have sufficient contact information. Substitute notice shall consist of all of the following:
(A) E-mail notice when the agency has an e-mail address for the subject persons.
(B) Conspicuous posting of the notice on the agency's Web site page, if the agency maintains one.
(C) Notification to major territory-wide media.
(h) Notwithstanding subsection (g), an agency that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part shall be deemed to be in compliance with the notification requirements of this section if it notifies subject persons in accordance with its policies in the event of a breach of security of the system.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, pp. 342–344.
§ 2209. Disclosure of breach of security
(a) Any person or business that conducts business in the Virgin Islands, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of the Virgin Islands whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
(b) Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
(c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation.
(d) For purposes of this section, “breach of the security of the system” means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. Good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure.
(e) For purposes of this section, “personal information” means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
(1) Social Security number.
(2) Driver's license number.
(3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
(f) For purposes of this section, “personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
(g) For purposes of this section, “notice” may be provided by one of the following methods:
(1) Written notice.
(2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code.
(3) Substitute notice, if the person or business demonstrates that the cost of providing notice would exceed $100,000 or that the affected class of subject persons to be notified exceeds 50,000, or the person or business does not have sufficient contact information. Substitute notice shall consist of all of the following:
(A) E-mail notice when the person or business has an e-mail address for the subject persons.
(B) Conspicuous posting of the notice on the Web site page of the person or business, if the person or business maintains one.
(C) Notification to major territory-wide media.
(h) Notwithstanding subsection (g), a person or business that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this subchapter is deemed to be in compliance with the notification requirements of this section if the person or business notifies subject persons in accordance with its policies in the event of a breach of security of the system.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, pp. 344–346.
§ 2210. Waiver unenforceable
Any waiver of the provisions of this title is contrary to public policy, and is void and unenforceable.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, p. 346.
§ 2211. Remedies
(a) Any customer injured by a violation of this title may commence a civil action to recover damages.
(b) Any business that violates, proposes to violate, or has violated this title may be enjoined.
(c) The rights and remedies available under this section are cumulative to each other and to any other rights and remedies available under law.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, p. 346.
§ 2212. Severability
If any provision of this chapter or its application to any person or circumstances is held invalid, the invalidity shall not affect other provisions or applications of the chapter, which can be given effect without the invalid provision or application, and to this end the provisions of this chapter are declared to be severable.
History
—Added Oct. 17, 2005, No. 6789, § 2, Sess. L. 2005, p. 346.
These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.