Tue. Jun 25th, 2024

(a) As used in this part, the term: (1) “E-mail message” means a message sent to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox, commonly referred to as the “local part,” and a reference to an Internet domain, commonly referred to as the “domain part,” whether or not displayed, to which an electronic message can be sent or delivered. (2) “Employer” includes a business entity’s officers, directors, parent corporation, subsidiaries, affiliates, and other corporate entities under common ownership or control within a business enterprise. (3) “Identifying information” means, with respect to an individual, any of the following: (A) Social security number; (B) Driver’s license number; (C) Bank account number; (D) Credit card or debit card number; (E) Personal identification number or PIN; (F) Automated or electronic signature; (G) Unique biometric data; (H) Account password; or (I) Any other piece of information that can be used to access an individual’s financial accounts or to obtain goods or services. (4) “Internet” shall have the meaning set forth in paragraph (10) of Code Section 16-9-151. (5) “Web page” means a location that has a single uniform resource locator or other single location with respect to the Internet. (b)(1) It shall be unlawful for any person with intent to defraud, by means of a web page, e-mail message, or otherwise through use of the Internet, to solicit, request, or take any action to induce another person to pro- vide identifying information by representing himself, herself, or itself to be a business without the authority or approval of such business. (2) It shall be unlawful for any person, with actual knowledge, conscious avoidance of actual knowledge, or willfully, to possess with intent to use in a fraudulent manner, sell, or distribute any identifying information obtained in violation of paragraph (1) of this subsection. (c) Any person who intentionally violates subsection (b) of this Code section shall be guilty of a felony and shall be punished by imprisonment for not less than one nor more than 20 years, a fine of not less than $1,000. 00 nor more than $500,000.00, or both. (d)(1) No employer shall be held criminally liable under this Code section as a result of any actions taken: (A) With respect to computer equipment used by its employees, contractors, subcontractors, agents, leased employees, or other staff which the employer owns, leases, or otherwise makes available or allows to be connected to the employer’s network or other computer facilities when such equipment is used for an ille- gal purpose without the employer’s knowledge, consent, or approval; or (B) By employees, contractors, subcontractors, agents, leased employees, or other staff who misuse an employer’s computer equipment for an illegal purpose without the employer’s knowledge, consent, or approval. (2) No person shall be held criminally liable under this Code section when its protected computers, computer equipment, or software product has been used by unauthorized users to violate this Code section without such person’s knowledge, consent, or approval. (e) This Code section shall not apply to a telecommunications provider’s or Internet service provider’s good faith transmission or routing of, or intermediate temporary storing or caching of, identifying information. (f) No provider of an interactive computer service may be held liable in a civil action under any law of this state, or any of its political subdivisions, for removing or disabling access to content on an Internet website or other online location controlled or operated by such provider, when such provider believes in good faith that such content has been used to engage in a violation of this part.