Skip to Page Content
 Home  |  Contact Us  |  Press Room  |  Site Overview  |  Help  |  Login  |  Register
Add to MyNCSL

2006 State Legislation Relating to "Phishing"*

Year-end Summary

Phishing is a scam where fraudsters send spam or popup messages to lure personal or financial information from unsuspecting victims.  (See OnGuardOnline.gov for practical tips from the federal government and private industry to help guard against Internet fraud).

Summary: Bills introduced in at least twelve states in 2006; enacted in at least seven states: Connecticut, Hawaii, Louisiana, New YorkOklahomaTennessee, Utah.  (See also 2005 State Legislation Relating to Phishing)

CALIFORNIA
A.B. 2919
Provides that engaging in "unlawful phishing" is a crime.

S.B. 1388
05/30/06 Passed Senate
Creates criminal penalties for phishing.

CONNECTICUT
S.B. 566
05/08/06 Signed by Governor, Act 50
Prohibits using the Internet or an e-mail message to solicit or induce another to provide identifying information by pretending to be an on-line Internet business and  provides civil and criminal penalties.

FLORIDA
H.B. 7157
Prohibits inducing, requesting, or soliciting identifying information with an intent to engage in conduct involving the fraudulent use or possession of another person's identifying information; authorizes civil actions for violations; provides for; provides for nonapplication to certain entities' good faith handling of identifying information.

H.E.D.T. 3
(Proposed Committee Bill) Creates the “Anti-Phishing Act of 2006.”; prohibits the fraudulent use of a web page or Internet domain name to obtain personal identifying information from a resident of Florida; prohibits the fraudulent use of electronic mail to obtain personal identifying information from a resident of Florida; provides a civil action for injunction and damages.

S.B. 2162
Prohibits a person or business entity from using Internet to solicit, request, or take any action to induce computer user to provide personal identification  information by fraudulently representing that person or business is  on-line business; prohibits business entity or person who is not authorized user of computer from committing certain specified deceptive acts or practices that involve computer.

HAWAII
H.B. 3244
05/25/06 Signed by Governor, Act 140
Extends the life of the Hawaii Anti-Phishing Task Force established in 2005 and changes its name to the Identity Theft Task Force.  Expands the responsibilities of the Task Force by requiring the Task Force to: 1) identify best practices to prevent identity theft; 2) establish a timetable for the removal of personal identifying information from public records in Hawaii; 3) review the current practices of other jurisdictions associated with the use and disclosure of government records contained social security numbers, the current volume and likely future increase or decrease in the volume of these government records, and the practicability of any proposed mandatory redaction from certain types of records or documents; and 4) identify and recommend solutions to social security number protection issues.  Appropriates funds for the development of a uniform system of tracking identity theft crimes.

LOUISIANA 
H.B. 679
04/18/06 Passed House
Creates the "Louisiana Anti-Phishing Act"; prohibits use of the Internet to obtain identifying information of another person for a fraudulent purpose and provides for civil relief.

H.B. 798
06/02/06 Signed by Governor, Act 201
Creates the “Anti-Phishing Act of 2006"; provides definitions; prohibits unlawful requests; and provides civil remedies.

S.B. 96
04/05/06 Substituted by SB 641
Creates the "Anti-Phishing Act"; prohibits the use of the Internet or other electronic means to solicit, request, or induce another person to provide identifying information in certain circumstances; provides definitions; and provides for civil relief.

S.B. 641
06/22/06 Signed by Governor, Act 549
Creates the "Louisiana Anti-Phishing Act"; prohibits the use of the Internet to obtain identifying information of another person for a fraudulent purpose and provides for civil relief.

NEW JERSEY
A.B. 3382
Establishes the Anti-Phishing Act; makes it an unlawful practice for any person, through the use of the Internet, to take any action to induce another person to provide personal information by representing oneself, either directly or by implication, to be a business without the authority or approval of that business.

NEW YORK
A.B. 7852
Establishes the crime of obtaining identity by electronic fraud when a person knowingly and willingly solicits, requests or takes any action by means of a fraudulent electronic communication with the intent to obtain the personal identifying information of another.

A.B. 8025 / S.B. 5370
06/07/06 Signed by Governor, Chapter 64
Enacts the Anti-Phishing Act of 2005, prohibiting the misuse of the internet to obtain identifying information by misrepresenting oneself as an online business; authorizes the Attorney General, internet service providers, and those owning a web page or trademark, who are adversely affected by such conduct to bring an action for injunctive relief and damages.

A.B. 11795 / S.B. 8170
07/26/06 Signed by Governor, Chapter 414
Makes corrections to the anti-phishing act of 2006; makes technical corrections and provides for no limitations on rights and remedies which are otherwise available under law to the attorney general or any other person authorized to bring an action.

OHIO
H.B. 633
Provides consumer protection against spyware; relates to advertisements, bundled software, computer viruses, confidentiality of data, damage, distributed denial of service, intentionally deceptive and fraudulent statements, credit and debit card numbers, financial account numbers, failure to notify an authorized user regarding a download or installation of software, social security numbers, phishing and preventing a user's efforts to disable or block the installation of software.

OKLAHOMA
H.B. 2473
04/17/06 Signed by Governor, Chapter 56
Creates the “Anti-Phishing Act”; prohibits persons from creating and using web pages with certain fraudulent intent; allows certain persons to bring civil actions for violations of the act; provides damages; makes unlawful acts under act violations of the Oklahoma Consumer Protection Act; and exempts certain actions by telecommunications providers or Internet service providers from the act.

PENNSYLVANIA
H.B. 2292
06/28/06 Passed House
Provides for the protection of consumers from phishing and for criminal and civil enforcement.

S.B. 1036
06/20/06 Passed Senate
Prohibits phishing and pharming; provides for nonapplication to certain entities; provides criminal felony penalty; and provides civil relief.

TENNESSEE
H.B. 3105 / S.B. 2575
05/01/06 Signed by Governor, Chapter 566
Creates the “Anti-Phishing Act of 2006”; penalizes persons who, without authorization or permission of subject of identifying information, obtain, record, access or distribute identifying information of another person through use of Internet, e-mail or wireless communication; establishes that any violation shall be construed to be an unfair or deceptive act or practice affecting trade or commerce; and provides for civil relief.

UTAH
S.B. 52
03/13/06 Signed by Governor, Chapter 120
Amends the Communication Fraud statute; provides that when an act of communications fraud involves obtaining sensitive personal identifying information, the offense is a second degree felony.

* Represents only legislation that specifically addresses "phishing."  Additional states may be considering legislation that addresses fraudulent or deceptive actions involving the Internet and e-mail or identity theft legislation that could apply to phishing schemes. 

Back arrow, return to previous page Return to Electronic/Internet Privacy: State Actions

Denver Office: Tel: 303-364-7700 | Fax: 303-364-7800 | 7700 East First Place | Denver, CO 80230 | Map
Washington Office: Tel: 202-624-5400 | Fax: 202-737-1069 | 444 North Capitol Street, N.W., Suite 515 | Washington, D.C. 20001