Legislation relevant to fraud and identity theft can take three forms.
Firstly, it prohibits particular activities, for example forgery of a signature on a bank cheque, manufacturing documents for the purposes of identity fraud or impersonating an official. Some Australian and overseas enactments are highlighted below.
Secondly, it encompasses legislation that assists victims to deal with identity theft in a timely manner, for example, it encourages financial reference services to provide victims with information.
Thirdly - and perhaps just as importantly - legislation encompasses obligations for organisations to protect information collected by or entrusted to them.
There are laws at state level, which deal with fraud, forgery, deception, theft and conspiracy to commit these crimes. At Commonwealth level, the Crimes Act deals with identity offences around dishonestly obtaining information (except DNA or biometric), including financial, without consent.
Federal legislation reflects the national government's constitutional, with fraud/theft provisions relating to interstate commerce and communications (eg the Cybercrime Act 2001) and offences against the Commonwealth under the Crimes Act.
Recent legislation of interest includes - Criminal Code Amendment (Theft, Fraud, Bribery & Related Offences) Act 2000 and the Financial Transaction Reports Act 1998.
Salient provisions under the Criminal Code are obtaining property by deception, obtaining a financial advantage by deception, general dishonesty, obtaining financial advantage, conspiracy to defraud, forgery, using forged document and falsification of documents - s. 145.4
High tech crimes include computer intrusions (e.g. malicious hacking); unauthorised modification of data, including destruction of data; denial of service attacks; and the creation and distribution of malicious software (e.g. viruses, worms, Trojans). These crimes are defined in the Criminal Code Act 1995, Part 10.7 Computer Offences. It should be noted that a crime is not necessarily considered 'high tech' because technology has been used, for example frauds that are conducted online are not always regarded as 'high tech'.
Australian states and territories address fraud and ID theft through common and statute law.
The Federal Privacy Act 1988 protects your personal information. Generally the Privacy Act covers the collection, use and disclosure, quality and security of personal information. The Act also gives you rights to access and correct personal information about you. You also have the right to make a complaint if you think your personal information has been mishandled.
The eleven Information Privacy Principles in the Federal Privacy Act protect your personal information and give you rights in the way Commonwealth and ACT government agencies handle your information.
The ten National Privacy Principles in the Act protect your personal information and give you rights in the way private sector organisations, including some small businesses and all private health providers handle the information.
The Federal Privacy Act also protects information in other ways, for example, Tax File Numbers and your credit information. The Privacy Commissioner also has special responsibilities in regard to national health, spent convictions, data-matching and telecommunications.
For more information visit The Office of the Privacy Commissioner
The Federal Privacy Act does not regulate state or territory agencies, except for the Australian Capital Territory. For information on privacy regulations in the states and territories please refer to the appropriate state or territory section below.
Australia's anti-money laundering laws place obligations on financial institutions and other financial intermediaries. Those obligations are contained in the Financial Transaction Reports Act 1988 (the FTR Act). The FTR Act ‘cash dealers’, as defined, to report to the Director of The Australian Transaction Reports and Analysis Centre (AUSTRAC):
- suspicious transactions
- cash transactions of A$10,000 or more or the foreign currency equivalent
- international funds transfer instructions.
The FTR Act also requires cash dealers to verify the identity of persons who are signatories to accounts, and also prohibits accounts being opened or operated in a false name.
Cash dealers as defined in the FTR Act include:
- banks, building societies and credit unions referred to as ‘financial institutions’
- financial corporations
- insurance companies and insurance intermediaries
- securities dealers and futures brokers
- cash carriers
- managers and trustees of unit trusts
- firms that deal in travellers cheques, money orders and the like
- persons who collect, hold, exchange or remit currency on behalf of other persons
- currency and bullion dealers
- casinos and gambling houses
There are also requirements for the public to report cash transfers into and out of Australia of A$10,000 or more or the foreign currency equivalent.
The legislation provides penalties for avoiding the reporting requirements and in respect of false or incomplete information. It also has penalties for persons who facilitate or assist in these activities.
The reporting and identification requirements, backed by penalties for offences, provide a strong deterrent to money launderers and facilitators of money laundering. These provisions increase the level of risk associated with abuse of the Australian financial system by tax evaders and organised crime groups. It also adds to their costs of doing business and in particular in laundering their illicit profits.
The legislation also sets a standard, which must be met by the cash dealers. Failure to meet the standard places the cash dealer at risk of being used in the process of money laundering and thus subject to consequential penalties when detected. Penalties include pecuniary penalties and imprisonment.
The Government is currently in the process of amending its anti-money laundering laws. Once the new laws are in place, new requirements will apply to the identification of customers and the reporting of suspicious transactions. It is expected that the new laws will come into operation in 2007.
For more information please visit AUSTRAC
Spam is the common term for electronic 'junk mail' - unwanted commercial electronic messages. Australia’s anti-spam legislation was introduced in 2003 in response to concerns about the impact of spam on the effectiveness of electronic communication and the costs imposed on end-users.
The Spam Act 2003 prohibits the sending of spam, which is identified as a commercial electronic message sent without the consent of the addressee via e-mail, short message service (SMS), multimedia message service (MMS) or instant messaging. The requirements under the Spam Act apply to all commercial electronic messages, including both bulk and individual messages.
For more information visit the Australian Government – Department of Communications, Information Technology and the Arts