§ 2-184. Definitions  

(a) Identity theft is a term used to refer to fraud that involves stealing money or getting other benefits by pretending to be someone else. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions. Specific laws make it a crime to use another person's identity for personal gain.

(b) Fraud is the crime or offense of deliberately deceiving another in order to damage them, usually, to obtain property or services unjustly. [1] Fraud can be accomplished through the aid of forged objects. In the criminal law of common law jurisdictions it may be called "theft by deception," "larceny by trick," "larceny by fraud and deception" or something similar. Fraud can be committed through many methods, including mail, wire, phone, and the Internet (computer crime and Internet fraud). The difficulty of checking identity and legitimacy online, the ease with which hackers can divert browsers to dishonest site and steal credit card details, the international dimensions of the Web and ease with which users can hide their location, all contribute to making Internet fraud the fastest growing area of fraud.

(c) Sensitive information is information that is identifying information according to the Act and through contractual obligations related to merchant services (credit card acceptance). The following are specifically identified as sensitive information:

(1) Social security and employer taxpayer identification numbers.

(2) National and international identification.

(3) Drivers' license, state identification card, or passport numbers.

(4) Credit card and debit card numbers (pending future applications).

(5) Savings and checking account numbers.

(6) Personal identification (PIN) code (pending future applications).

(7) Passwords.

(8) Electronic identification numbers, electronic mail names or addresses, internet account numbers, or internet identification names (pending future applications).

(9) Customer credit information (credit history, pay arrangements, and financial transactions).

(10) Any other numbers or information that can be used to access a person's financial resources.

(11) A person's first name or first initial and last name in combination with identifying information.

(d) Confidential information under G.S. section 132-1, the Town of Kure Beach also has an obligation to secure and limit access to other information involving customers and employees. The following are identified as confidential information, although this is not a complete listing:

(1) Communication with legal counsel.

(2) State and local tax information that contain information about a taxpayer's income or receipts except as provided in G.S. sections 153A-148.1 and 160A-208.1.

(3) Public enterprise billing information (utility customer data).

(4) Records of criminal investigations conducted by public law enforcement agencies.

(5) Emergency response plans.

(6) Economic development incentives.

(e) Security breach. A breach is considered to have taken place if any sensitive or confidential information is suspected to have been stolen, viewed, copied, or otherwise compromised by an unauthorized individual or if it is suspected that information has been lost and could be accessed by unauthorized individual(s). A breach of information can occur physically or virtually via technology. Access and use of sensitive or confidential information by an employee or agent of the Town of Kure Beach for a legitimate purpose is not a security breach, provided that the sensitive or confidential information is not used for a purpose other than a lawful purpose and is not subject to further unauthorized disclosure.