Code Section Group

Business and Professions Code - BPC

DIVISION 8. SPECIAL BUSINESS REGULATIONS [18400 - 22948.25]

  ( Division 8 added by Stats. 1941, Ch. 44. )

CHAPTER 33. Anti-Phishing Act of 2005 [22948 - 22948.3]
  ( Chapter 33 added by Stats. 2005, Ch. 437, Sec. 1. )

22948.
  

This chapter shall be known and may be cited as the Anti-Phishing Act of 2005.

(Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.)

22948.1.
  

For the purposes of this chapter, the following terms have the following meanings:

(a) “Electronic mail message” means a message sent to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the “local part”) and a reference to an Internet domain (commonly referred to as the “domain part”), whether or not displayed, to which an electronic message can be sent or delivered.

(b) “Identifying information” means, with respect to an individual, any of the following:

(1) Social security number.

(2) Driver’s license number.

(3) Bank account number.

(4) Credit card or debit card number.

(5) Personal identification number (PIN).

(6) Automated or electronic signature.

(7) Unique biometric data.

(8) Account password.

(9) Any other piece of information that can be used to access an individual’s financial accounts or to obtain goods or services.

(c) “Internet” shall have the meaning as defined in paragraph (6) of subdivision (f) of Section 17538.

(d) “Web page” means a location that has a single uniform resource locator or other single location with respect to the Internet.

(Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.)

22948.2.
  

It shall be unlawful for any person, by means of a Web page, electronic mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.

(Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.)

22948.3.
  

(a) The following persons may bring an action against a person who violates or is in violation of Section 22948.2:

(1) A person who (A) is engaged in the business of providing Internet access service to the public, owns a Web page, or owns a trademark, and (B) is adversely affected by a violation of Section 22948.2.

An action brought under this paragraph may seek to recover the greater of actual damages or five hundred thousand dollars ($500,000).

(2) An individual who is adversely affected by a violation of Section 22948.2 may bring an action, but only against a person who has directly violated Section 22948.2.

An action brought under this paragraph may seek to enjoin further violations of Section 22948.2 and to recover the greater of three times the amount of actual damages or five thousand dollars ($5,000) per violation.

(b) The Attorney General or a district attorney may bring an action against a person who violates or is in violation of Section 22948.2 to enjoin further violations of Section 22948.2 and to recover a civil penalty of up to two thousand five hundred dollars ($2,500) per violation.

(c) In an action pursuant to this section, a court may, in addition, do either or both of the following:

(1) Increase the recoverable damages to an amount up to three times the damages otherwise recoverable under subdivision (a) in cases in which the defendant has engaged in a pattern and practice of violating Section 22948.2.

(2) Award costs of suit and reasonable attorney’s fees to a prevailing plaintiff.

(d) The remedies provided in this section do not preclude the seeking of remedies, including criminal remedies, under any other applicable provision of law.

(e) For purposes of paragraph (1) of subdivision (a), multiple violations of Section 22948.2 resulting from any single action or conduct shall constitute one violation.

(Added by Stats. 2005, Ch. 437, Sec. 1. Effective January 1, 2006.)

BPCBusiness and Professions Code - BPC