The California legislature has amended the existing requirements for debt collectors who receive consumer claims of identity theft with the Identity Theft Resolution Act (“Act”). See AB 1723; Cal. Civ. Code § 1785.16.2. The Act does not take effect until January 1, 2017, but creditors should immediately start implementing new policies and procedures for debt collectors to follow to ensure that the creditor’s interest is protected under the amendments.
Under the Act, the time frame for reviewing claims of identity theft has been dramatically reduced for debt collectors. Once the debt collector receives the police report, written statement, and other information required under the law, it will have 10 business days to start an investigation of the dispute. After concluding its review, the debt collector must send the results of its investigation to the consumer within 10 business days. The timeframe under the Act is in stark contrast to current law, which sets no time frame for when a debt collector must investigate a consumer’s claim of identity theft, or when the debt collector must notify the creditor associated with the account or any consumer reporting agency (“CRA”) to which the debt has been reported. Current law only requires a debt collector to cease collection of a debt upon receipt of a police report filed by a consumer and a written statement alleging identity theft regarding the debt at issue.
While investigating the debtor’s claim of identity theft, the debt collector must review and consider all of the information provided by the debtor as well as information available to the debt collector in its file or from the creditor. The debt collector may apply common sense. For example, if the debtor has previously affirmed the debt or acknowledged it, that fact can be considered in determining whether the claim of identity theft is valid or made in good faith. The debt collector should document all communications and provide a clear explanation if it is decided that the claim is not valid. As mentioned above, once the debt collector concludes its review, it must send its decision to the debtor within 10 business days, notifying the debtor in writing that he or she is still responsible for the debt, as well as the basis for that determination. The debt collector may recommence collection activities only after making a good faith determination that the evidence presented does not establish the debtor is not responsible for that specific debt.
For CRA’s, if the debt collector determines that it will not recommence collection activities based on a valid identity theft claim and the debt collector previously provided information to the CRA, it must notify the CRA to delete that information no later than 10 business days after making the determination to stop collection activity.
For creditors, if the debt collector does not recommence collection activities based on the debtor’s valid claim of identity theft, the debt collector must notify the creditor no later than 10 business days after making such determination. The law prohibits a creditor from selling the debt if the creditor has received notice that the debt collector has terminated debt collection activities due to claims of identity theft. While the Act does not address a creditor’s remedy if the creditor believes that the consumer’s police report for the claim is false, California law holds that the creditor’s remedy in this instance is to seek a criminal trial to determine the truth of the police report. See Cal. Civ. Code § 47; see also Johnson v. Symantec Corp., 58 F.Supp.2d 1107, 1113 (1999) (holding that the communications privilege under California Civil Code section 47 applies to police reports, even false ones, and therefore the appropriate forum for determining the truth of a police report is a criminal trial). Many creditors, however, will find it impracticable to enter a police station to file a police report to determine the validity of the police report.
As such, we recommend that creditors immediately implement policies and guidelines for the debt collectors that it retains to collect the debts. Specifically, creditors should require all debt collectors to immediately notify the creditor once it has received a claim of identity theft so that the parties can investigate the validity of the identity theft claim together. In addition to ensuring that this will help protect the creditor’s interest, this will also equip the debt collector with additional comprehensive and reliable information that will result in a more accurate determination of the validity of the identity theft claim.
 The California legislature did not define “debt collector” in the Act, and it is ambiguous as to whether the definition of “debt collector” under the California Rosenthal Fair Debt Collection Practices Act, California Civil Code §§ 1788 et seq., which includes “creditors” should apply to the Act. While the Act does not separately define “debt collector,” the Act cites to the Fair Debt Collection Practices Act (“FDCPA”), 15 U.S. Code § 1692a, to define “debt collector.” See Cal. Civ. Code § 1785.16.2(a). Under the FDCPA, a “debt collector” is “any person who uses any instrumentality of interstate commerce or the mails in any business the principal purpose of which is the collection of any debts, or who regularly collects or attempts to collect, directly or indirectly, debts owed or due or asserted to be owed or due another.” The FDCPA also separately defines “creditor” as “any person who offers or extends credit creating a debt or to whom a debt is owed.” Consistent with distinguishing “debt collector” from “creditor,” the FDCPA has the “originator exclusion” under its definition for a “debt collector,” which states that excluded from the definition of debt collector is any person attempting to collect a debt that concerns a debt that was originated by that person. As such, original creditors would not fall under the FDCPA’s definition of “debt collector” absent some behavior from the creditor that may lead the Court to conclude that they are also a debt collector.