Fla. Stat. 817.032
Information available to identity theft victims

(1)

DEFINITION.As used in this section, the term “victim” means a person whose means of identification or financial information is used or transferred or is alleged to be used or transferred without the authority of that person with the intent to commit or to aid or abet an identity theft or a similar crime.

(2)

GENERALLY.For the purpose of documenting fraudulent transactions resulting from identity theft, within 30 days after the date of receipt of a request from a victim in accordance with subsection (4), and subject to verification of the identity of the victim and the claim of identity theft in accordance with subsection (3), a business entity that has provided credit to; provided for consideration products, goods, or services to; accepted payment from; or otherwise entered into a commercial transaction for consideration with, a person who has allegedly made unauthorized use of the means of identification of the victim, shall provide a copy of the application and business transaction records in the control of the business entity, whether maintained by the business entity or by another person on behalf of the business entity, evidencing any transaction alleged to be a result of identity theft to:
The victim;
A federal, state, or local government law enforcement agency, or officer specified by the victim in such a request; or
A law enforcement agency investigating the identity theft and authorized by the victim to take receipt of records provided under this section.
This subsection does not apply to a third-party providing a service to effect, administer, facilitate, process, or enforce a financial transaction initiated by an individual.

(a)

For the purpose of documenting fraudulent transactions resulting from identity theft, within 30 days after the date of receipt of a request from a victim in accordance with subsection (4), and subject to verification of the identity of the victim and the claim of identity theft in accordance with subsection (3), a business entity that has provided credit to; provided for consideration products, goods, or services to; accepted payment from; or otherwise entered into a commercial transaction for consideration with, a person who has allegedly made unauthorized use of the means of identification of the victim, shall provide a copy of the application and business transaction records in the control of the business entity, whether maintained by the business entity or by another person on behalf of the business entity, evidencing any transaction alleged to be a result of identity theft to:The victim;A federal, state, or local government law enforcement agency, or officer specified by the victim in such a request; orA law enforcement agency investigating the identity theft and authorized by the victim to take receipt of records provided under this section.
1. The victim;
2. A federal, state, or local government law enforcement agency, or officer specified by the victim in such a request; or
3. A law enforcement agency investigating the identity theft and authorized by the victim to take receipt of records provided under this section.

(b)

This subsection does not apply to a third-party providing a service to effect, administer, facilitate, process, or enforce a financial transaction initiated by an individual.

(3)

VERIFICATION OF IDENTITY AND CLAIM.Before a business entity provides any information under subsection (2), unless the business entity, at its discretion, otherwise has a high degree of confidence that it knows the identity of the victim making a request under subsection (2), the victim shall provide to the business entity:As proof of positive identification of the victim, at the election of the business entity:
The presentation of a government-issued identification card;
Personal identifying information of the same type as provided to the business entity by the unauthorized person; or
Personal identifying information that the business entity typically requests from new applicants or for new transactions, at the time of the victim’s request for information, including any documentation described in subparagraphs 1. and 2.
As proof of a claim of identity theft:
A copy of a police report evidencing the claim of the victim of identity theft; and
A properly completed affidavit of fact that is acceptable to the business entity for that purpose.

(a)

As proof of positive identification of the victim, at the election of the business entity:The presentation of a government-issued identification card;Personal identifying information of the same type as provided to the business entity by the unauthorized person; orPersonal identifying information that the business entity typically requests from new applicants or for new transactions, at the time of the victim’s request for information, including any documentation described in subparagraphs 1. and 2.
1. The presentation of a government-issued identification card;
2. Personal identifying information of the same type as provided to the business entity by the unauthorized person; or
3. Personal identifying information that the business entity typically requests from new applicants or for new transactions, at the time of the victim’s request for information, including any documentation described in subparagraphs 1. and 2.

(b)

As proof of a claim of identity theft:A copy of a police report evidencing the claim of the victim of identity theft; andA properly completed affidavit of fact that is acceptable to the business entity for that purpose.
1. A copy of a police report evidencing the claim of the victim of identity theft; and
2. A properly completed affidavit of fact that is acceptable to the business entity for that purpose.

(4)

PROCEDURES.The request of a victim under subsection (2) shall:Be in writing.Be mailed or delivered to an address specified by the business entity, if any.If asked by the business entity, include relevant information about any transaction alleged to be a result of identity theft to facilitate compliance with this section, including:
If known by the victim or readily obtainable by the victim, the date of the application or transaction.
If known by the victim or readily obtainable by the victim, any other identifying information such as an account number or transaction number.

(a)

Be in writing.

(b)

Be mailed or delivered to an address specified by the business entity, if any.

(c)

If asked by the business entity, include relevant information about any transaction alleged to be a result of identity theft to facilitate compliance with this section, including:If known by the victim or readily obtainable by the victim, the date of the application or transaction.If known by the victim or readily obtainable by the victim, any other identifying information such as an account number or transaction number.
1. If known by the victim or readily obtainable by the victim, the date of the application or transaction.
2. If known by the victim or readily obtainable by the victim, any other identifying information such as an account number or transaction number.

(5)

NO CHARGE TO VICTIM.Information required to be provided under subsection (2) shall be provided without charge.

(6)

AUTHORITY TO DECLINE TO PROVIDE INFORMATION.A business entity may decline to provide information under subsection (2) if, in the exercise of good faith, the business entity determines that:This section does not require disclosure of the information;After reviewing the information provided pursuant to subsection (3), the business entity does not have a high degree of confidence in knowing the true identity of the individual requesting the information;The request for the information is based on a misrepresentation of fact by the individual requesting the information;The information requested is Internet navigational data or similar information about a person’s visit to a website or online service; orThe disclosure is otherwise prohibited by state or federal law.

(a)

This section does not require disclosure of the information;

(b)

After reviewing the information provided pursuant to subsection (3), the business entity does not have a high degree of confidence in knowing the true identity of the individual requesting the information;

(c)

The request for the information is based on a misrepresentation of fact by the individual requesting the information;

(d)

The information requested is Internet navigational data or similar information about a person’s visit to a website or online service; or

(e)

The disclosure is otherwise prohibited by state or federal law.

(7)

LIMITATION ON CIVIL LIABILITY.A business entity may not be held civilly liable in this state for a disclosure made in good faith pursuant to this section or a decision to decline to provide information as provided in subsection (6).

(8)

NO NEW RECORDKEEPING OBLIGATION.This section does not create an obligation on the part of a business entity to obtain, retain, or maintain information or records that are not otherwise required to be obtained, retained, or maintained in the ordinary course of its business or under other applicable law.

(9)

AFFIRMATIVE DEFENSE.In any civil action brought to enforce this section, it is an affirmative defense, which the defendant must establish by a preponderance of the evidence, for a business entity to file an affidavit or answer stating that:The business entity has made a reasonably diligent search of its available business records.The records requested under this section do not exist or are not reasonably available.

(a)

The business entity has made a reasonably diligent search of its available business records.

(b)

The records requested under this section do not exist or are not reasonably available.

Source: Section 817.032 — Information available to identity theft victims, https://www.­flsenate.­gov/Laws/Statutes/2024/0817.­032 (accessed Aug. 7, 2025).

817.02
Obtaining property by false personation 817.03
Making false statement to obtain property or credit or to detain real property 817.05
False statements to merchants as to financial condition 817.06
Misleading advertisements prohibited 817.08
Receiving money or property upon false promises of services as seaman or sponge fisher 817.11
Obtaining property by fraudulent promise to furnish inside information 817.011
Definition 817.14
Procuring assignments of produce upon false representations 817.15
False entries in books of business entity 817.16
False reports, etc., by officers of banks, trust companies, etc., with intent to defraud 817.17
Wrongful use of city, county, or other political subdivision name 817.18
Wrongful marking with a city, county, or other political subdivision name 817.19
Fraudulent issue of stock certificate or indicia of membership interest 817.20
Issuing stock or obligation of corporation beyond authorized amount 817.21
Books to be evidence in such cases 817.021
False information to obtain a seaport security identification card 817.22
Making false invoice to defraud insurer 817.23
Making false affidavit to defraud insurer 817.24
Unlawful to add or alter or deface existing brand 817.25
Fraudulently marking or branding 817.025
Home or private business invasion by false personation 817.26
Fraudulently changing marks on animal 817.28
Fraudulent obtaining of property by gaming 817.29
Cheating 817.30
Punishment for unlawful use of badge of certain orders and organizations 817.31
Unlawful use of insignia of American Legion 817.031
Making false statements 817.032
Information available to identity theft victims 817.32
Fraudulent operation of coin-operated devices 817.33
Manufacture, etc., of slugs to be used in coin-operated devices prohibited 817.034
Florida Communications Fraud Act 817.34
False entries and statements by investment companies offering stock or security for sale 817.35
Sale of cemetery lots or mausoleum space 817.36
Resale of tickets 817.037
Fraudulent refunds 817.37
Touting 817.38
Simulated process 817.39
Simulated forms of court or legal process, or official seal or stationery 817.40
False, misleading and deceptive advertising and sales 817.41
Misleading advertising prohibited 817.43
Exemption 817.44
Intentional false advertising prohibited 817.45
Penalty 817.47
Insurance advertising exempt 817.49
False reports of commission of crimes 817.50
Fraudulently obtaining goods or services from a health care provider 817.51
Obtaining groceries, retail poultry, dairy, bakery, and other retail products 817.52
Obtaining vehicles with intent to defraud, failing to return hired vehicle, or tampering with mileage device of hired vehicle 817.53
False charges for radio and television repairs and parts 817.54
Obtaining of mortgage, mortgage note, promissory note, etc., by false representation 817.55
Tourist attraction advertisement 817.061
Misleading solicitation of payments prohibited 817.155
Matters within jurisdiction of Department of State 817.233
Burning to defraud the insurer 817.234
False and fraudulent insurance claims 817.235
Personal property 817.236
False and fraudulent motor vehicle insurance application 817.265
False or fraudulent proof of need for an emotional support animal 817.311
Unlawful use of badges, etc 817.0311
Fraudulent sale or lease of residential real property 817.312
Unlawful use of uniforms, medals, or insignia 817.0345
Prohibition of fraudulent marketing practices 817.355
Fraudulent creation or possession of admission ticket 817.357
Purchase of tickets 817.361
Sale or transfer of multiuse tickets 817.411
False information 817.412
Sale of used goods as new 817.413
Sale of used motor vehicle goods as new 817.414
Sale of counterfeit security signs and decals 817.415
Florida Free Gift Advertising Law 817.416
Franchises and distributorships 817.417
Government Impostor and Deceptive Advertisements Act 817.418
Offering for sale or advertising personal protective equipment with intent to defraud 817.481
Credit or purchases 817.482
Possessing or transferring device for theft of telecommunications service 817.483
Transmission or publication of information regarding schemes, devices, means, or methods for theft of communication services 817.484
Obtaining telephone calling records by fraudulent means prohibited 817.487
Telephone caller identification systems 817.504
Offering or advertising a vaccine with intent to defraud 817.505
Patient brokering prohibited 817.535
Unlawful filing of false documents or records against real or personal property 817.545
Mortgage fraud 817.554
Fraudulently offering for sale tour or travel-related services 817.558
Water-treatment devices 817.561
Violations may be enjoined 817.562
Fraud involving a security interest 817.563
Controlled substance named or described in s 817.564
Imitation controlled substances defined 817.565
Urine testing, fraudulent practices 817.566
Misrepresentation of association with, or academic standing at, postsecondary educational institution 817.568
Criminal use of personal identification information 817.569
Criminal use of a public record or public records information 817.2341
False or misleading statements or supporting documents 817.2361
False or fraudulent proof of motor vehicle insurance 817.4115
False, deceptive, or misleading advertisement of live musical performances 817.4821
Cellular telephone counterfeiting offenses 817.5615
Marks required on optical discs 817.5621
Unlawful subleasing of a motor vehicle 817.5655
Unlawful use of DNA 817.5685
Unlawful possession of the personal identification information of another person 817.5695
Exploitation of a person 65 years of age or older

Current through Fall 2025

§ 817.032. Info. available to identity theft victims's source at flsenate​.gov