California's Anti-Phishing Law

California in 2005 became the first state to enact legislation designed specifically to deter phishing. Under the Anti-Phishing Act of 2005, it is unlawful in the state “for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.”

Unlike federal statutes, the California law provides for civil liability as opposed to criminal penalties. Some victims of phishing, including those who provide Internet access service to the public, own a Web page, or own a trademark, may recover up to $500,000 for each proven violation of the statute. Other victims may recover up to $5000 for each violation of the statute. The statute also allows the state’s attorney general or a district attorney in the state to bring an action to enjoin further violations.

California is also among a few states that allow consumers to place freezes on their credit reports. This option is similar to provisions in the federal Fair and Accurate Transactions Act, although the state’s option is stronger than the federal counterpart. Nevertheless, few consumers in those states take advantage of this option, primarily because it is not well advertised and it is costly.


Inside California's Anti-Phishing Law