Identity theft is a booming business. Each year, millions of Americans fall victim to identity theft or have their personal privacy otherwise compromised through unlawful means. Whether it comes in the form of a lost or stolen credit card, or computer hackers accessing social security numbers from employment records, financial institutions, medical records, or government agencies, the costs are staggering. Studies demonstrate that victims spend anywhere from a few hours to, in some cases, literally thousands of hours working to repair damage done by identity theft. Investigations related to identity theft often take months – or sometimes years – to resolve. Reports have estimated that hundreds of billions of dollars per year are lost by businesses worldwide due to identity theft. Individual victims sometimes lose thousands of dollars in wages resolving their cases, and can spend several hundred (sometimes thousands) of dollars in various expenses related to their case.

In an effort to combat ID theft, more than thirty states (including California, New York, Illinois, and Pennsylvania) have enacted laws restricting certain uses and disclosure of social security numbers. The federal judiciary has taken note – and is following suit. Recent revisions to the Federal Rules of Civil Procedure (FRCP) now require attorneys to redact certain personal identifying information of individuals involved in litigation when filing documents in federal court – either electronically or in traditional paper format. 

Revised FRCP 5.2(a) reads:

Unless the court orders otherwise, in an electronic or paper filing with the court that contains an individual’s social-security number, taxpayer-identification number, or birth date, the name of an individual known to be a minor, or a financial-account number, a party or nonparty making the filing may include only:
(1) the last four digits of the social-security number and taxpayer identification number;
(2) the year of the individual’s birth;
(3) the minor’s initials; and
(4) last four digits of the financial-account number.

Last month, the federal district court in Minnesota imposed a $5,000 fine against an attorney who violated FRCP 5.2(a) by including personal information in a court filing. The court also ordered the attorney to contact each of the 179 individuals whose private information had been improperly disclosed in the non-compliant court filing and to offer each of them, at the attorney’s expense, individualized credit reports and a year’s worth of quarterly credit monitoring services. Furthermore, the court ordered the sanctioned attorney to appear in court next year to report on the status of the credit reports. In the opinion, the court noted that it was “deeply concerned with the harmful and widespread ramifications associated with negligent and inattentive electronic filing of court documents.”

The court’s ruling should serve as a wake-up call to attorneys that they too must be careful to comply with privacy and data protection rules aimed at reducing the risk of identity theft.

This entry was written by Richard L. Sloane.

Photo credit: Kameleon007