Statutory framework — Penal Code §32.51
Section 32.51(b)(1) provides that a person commits an offense if, with the intent to harm or defraud another, the person obtains, possesses, transfers, or uses an item of identifying information of another person without the other person's consent or with intent to harm or defraud another. Section 32.51(b)(2) extends the offense to telecommunications access devices and similar items.
The elements summarized for a typical §32.51(b)(1) case: (1) the defendant obtained, possessed, transferred, or used; (2) an item of identifying information; (3) of another person; (4) without the other person's consent; and (5) with the intent to harm or defraud another. Vadnais v. State, No. 03-14-00578-CR (Tex. App.—Austin Jan. 31, 2017, no pet. h.) (mem. op.), articulates these elements in the typical sufficiency posture. The general purpose of criminalizing this conduct is to prevent identity theft. Jones v. State, 396 S.W.3d 558, 562 (Tex. Crim. App. 2013).
"Identifying information" is defined at §32.51(a)(1) and includes, among other categories: (A) name and date of birth; (B) unique biometric data (fingerprint, voice print, retina or iris image); (C) an electronic identification number, address, routing code, or financial-institution account number; (D) a telecommunication identifying information or access device; and (E) a social security number or other government-issued identification number.
What most people call "identity theft" is charged in Texas as Fraudulent Use or Possession of Identifying Information under Penal Code §32.51. The grade is not driven by dollar amount — it is driven by the number of items of identifying information the defendant is alleged to have obtained, possessed, transferred, or used. The spread runs from a state-jail felony (fewer than five items) through a first-degree felony (fifty or more items). That counting mechanic is the principal litigation battleground in most §32.51 cases.
The federal counterpart at 18 U.S.C. §1028 (identity document fraud) and §1028A (aggravated identity theft) reaches the same conduct in many cases. The aggravated identity theft statute at §1028A carries a mandatory two-year consecutive sentence for knowing transfer, possession, or use of a means of identification of another person during and in relation to specified felonies. That mandatory consecutive is the single most consequential sentencing risk in any §32.51 case that is eligible for federal charging. L and L Law Group, PLLC defends §32.51 cases — and the parallel §1028A cases that often accompany them — across the nine DFW counties we serve: Collin, Dallas, Denton, Tarrant, Rockwall, Kaufman, Ellis, Johnson, and Hunt. Co-founding partners Reggie London (State Bar of Texas #24043514) and Njeri London (State Bar of Texas #24043266) handle these cases personally.
Grade and the item-counting mechanic — §32.51(c)
Section 32.51(c) sets the grade based on the number of items of identifying information involved:
| Number of items | Grade | Punishment range |
|---|---|---|
| Fewer than 5 | State-jail felony | 180 days – 2 years SJF; fine up to $10,000 (§12.35) |
| 5 to fewer than 10 | 3rd-degree felony | 2 – 10 years TDCJ; fine up to $10,000 (§12.34) |
| 10 to fewer than 50 | 2nd-degree felony | 2 – 20 years TDCJ; fine up to $10,000 (§12.33) |
| 50 or more | 1st-degree felony | 5 – 99 years or life TDCJ; fine up to $10,000 (§12.32) |
An item-count enhancement under §32.51(c-1) elevates the grade by one category if the offense was committed against an elderly individual as defined in §22.04(c). A separate enhancement under §32.51(c-2) applies where the offense involves three or more items and the defendant has a prior §32.51 conviction.
What counts as an "item" — Cortez v. State and Bodden v. State
The counting mechanic is governed by two Court of Criminal Appeals decisions that are central to nearly every contested §32.51 case.
Cortez v. State, 469 S.W.3d 593, 599-600 (Tex. Crim. App. 2015), held that "item" in §32.51 means a single piece of personal, identifying information that alone or in conjunction with other information identifies a person — not the tangible document (such as a driver's license, credit card, or bank statement) that contains the information. Under Cortez, the State must count each piece of identifying information, regardless of whether the pieces appear in one physical document or many.
Bodden v. State, 707 S.W.3d 399 (Tex. Crim. App. 2024), refined Cortez in two ways that often matter at sentencing. First, Bodden held that under §32.51(a)(1)(A), "name and date of birth" must be taken together to constitute a single item because the subsection uses the conjunctive "and." A name alone or a date of birth alone does not count; both together count as one item. Second, Bodden held that the proper inquiry is whether the piece (or combination of pieces) is sufficient to identify the person or the person's accounts in a manner that would allow another to engage in fraudulent conduct. A financial-institution account number does not require a corresponding routing number to qualify as an item if the surrounding documents (e.g., bank letterhead) identify the institution.
Defense practice on the item count is detailed and arithmetic. It typically involves: (1) parsing every alleged item against §32.51(a)(1)'s definitional categories; (2) consolidating multiple appearances of the same piece of information into a single item (a name appearing on five separate documents is still one item); and (3) under Bodden, evaluating whether each contested piece is in fact sufficient to identify the person or an account in a fraud-enabling manner. Where the indictment count is at or near a grade boundary, a successful challenge can drop the case one or two felony grades.
The intent-to-harm-or-defraud element
Section 32.51(b)(1) requires that the defendant act with the intent to harm or defraud another. This element is often the principal sufficiency litigation in cases where the defendant has lawful access to identifying information through employment, business, or family relationships.
Standard defense theories on intent include: (1) the defendant possessed the information for a lawful business purpose (e.g., processing payroll, managing benefits, performing background checks); (2) the defendant possessed the information at the request and with the consent of the individual (e.g., handling a parent's affairs); (3) the defendant possessed the information for a use disclosed and authorized at the time of acquisition (e.g., as part of a legitimate financial transaction that later soured); or (4) the State has not connected the possession to any fraudulent use or attempted use, leaving the intent element to inference alone.
Section 32.51(b-1) creates a presumption: a person who possesses three or more items of identifying information of another person is presumed to have the intent to harm or defraud another. The presumption is rebuttable, but in practice it shifts the burden of going forward to the defense. Where the item count is at or above three, defense practice on the intent element requires affirmative evidence of lawful purpose, not merely an argument that the State has not affirmatively proved fraudulent intent.
The federal crossover — 18 U.S.C. §1028 and §1028A
The federal identity-document and identity-theft statutes have substantial overlap with §32.51:
| Statute | Conduct | Maximum |
|---|---|---|
| 18 U.S.C. §1028(a)(1)–(8) | Production, transfer, or possession of identification documents and means of identification with fraudulent intent | Up to 15 years; tiered enhancements |
| 18 U.S.C. §1028A(a)(1) | Aggravated identity theft — knowing transfer, possession, or use of a means of identification of another during and in relation to enumerated felonies | 2-year mandatory consecutive sentence |
| 18 U.S.C. §1028A(a)(2) | Aggravated identity theft — same, during and in relation to terrorism offenses | 5-year mandatory consecutive sentence |
Section 1028A is the controlling sentencing risk in any federal identity-theft case. The mandatory two-year consecutive sentence applies on top of whatever sentence the predicate offense yields, and the sentence may not be reduced or run concurrently with the predicate. Flores-Figueroa v. United States, 556 U.S. 646 (2009), held that §1028A requires the government to prove that the defendant knew that the means of identification belonged to another actual person — not merely that the defendant knew the document was a means of identification. The Supreme Court further refined §1028A in Dubin v. United States, 599 U.S. 110 (2023), holding that §1028A(a)(1) is not satisfied merely because a defendant has used another person's means of identification in connection with a predicate offense; the use of the means of identification must be at the "crux" of what makes the predicate offense criminal.
The §1028A predicate-offense list is at §1028A(c) and includes the major federal fraud offenses (mail fraud, wire fraud, bank fraud, healthcare fraud, immigration fraud), social security fraud, false statements to a federal agency, and several other categories. Defense practice in §1028A cases is dominated by the Dubin analysis — whether the means-of-identification use was at the crux of the predicate offense or merely ancillary to it.
Forensic-evidence and discovery practice
Identity-theft cases are document-and-digital-forensic cases. The State's evidence is typically built on: (1) physical documents seized at execution of a search warrant; (2) digital evidence on phones, laptops, and removable storage; (3) bank, credit-card, and merchant records subpoenaed from financial institutions; (4) victim statements and victim identification of compromised account numbers; and (5) the State's arithmetic of the item count.
Defense practice on discovery and forensic issues includes:
- Code of Criminal Procedure Article 39.14 motions for the State's forensic report, including the forensic examiner's working notes and the underlying forensic images.
- Suppression motions targeting the search warrant under Franks v. Delaware, 438 U.S. 154 (1978), for material misrepresentations or omissions in the supporting affidavit.
- Motions to suppress digital evidence on Fourth Amendment grounds where the warrant lacked particularity as to electronic devices or the search methodology exceeded the scope of the warrant.
- Motions under Brady v. Maryland, 373 U.S. 83 (1963), for exculpatory evidence in the State's possession.
- Expert challenges to the State's item-count methodology under Cortez and Bodden.
Where the State's case rests on digital forensic evidence — chat logs, browser history, cached pages, recovered files — the chain-of-custody and analytical reliability of the forensic methodology are often the principal litigation issues. Defense expert testimony from a qualified digital-forensic examiner is often necessary.
Defense theories and common case postures
The principal defense theories track the §32.51 elements and the §32.51(b-1) presumption:
- Lawful possession. The defendant possessed the identifying information for a lawful purpose — employment-related records, business records, family caretaking, or legitimate financial transactions. This is the principal theory in cases involving payroll administrators, medical-billing staff, accounting personnel, and family members managing elderly parents' affairs.
- Consent. The individual whose information is involved consented to the possession and use. Consent can be express or implied from a course of conduct.
- Item-count challenge. The State's item count is inflated by counting the same piece of information multiple times, by counting items that do not satisfy §32.51(a)(1), or by failing to apply Bodden's "name-and-date-of-birth" pairing rule. A successful item-count challenge can drop the grade.
- Lack of intent to harm or defraud. The State's evidence supports possession but does not connect the possession to any fraudulent use or attempted use. The §32.51(b-1) presumption operates against this defense once three items are proved; the defense must offer affirmative evidence of lawful purpose.
- Mistaken-identity defense. The State's case rests on digital evidence found on shared devices or shared accounts; the defendant is not the person who acquired or used the information.
Common case postures include: (1) the "stolen-mail" case (mail theft leading to possession of identifying information from intercepted documents); (2) the "data-breach" case (large-scale possession of identifying information from a database or list); (3) the "employee" case (a payroll, HR, medical-billing, or banking employee accused of unauthorized use); (4) the "family-member" case (a relative accused of using identifying information of a parent, child, or sibling); and (5) the "synthetic identity" case (combinations of real and fabricated identifying information used to create a new credit profile).
Restitution, civil exposure, and the L and L Law Group approach
Restitution exposure in §32.51 cases is set by Code of Criminal Procedure Chapter 42A, §42A.301, and Chapter 42, §42.037. The court may order restitution to the named victim for losses sustained as a direct result of the offense. In federal cases, restitution is mandatory under the Mandatory Victims Restitution Act, 18 U.S.C. §3663A. Restitution exposure can dwarf the criminal-sentence exposure in cases involving multiple victims or large aggregate losses.
Civil exposure runs in parallel. The victim may bring a civil action under the Texas Identity Theft Enforcement and Protection Act, Business and Commerce Code Chapter 521, and under the federal Fair Credit Reporting Act, 15 U.S.C. §1681. Defense counsel must coordinate the criminal-side strategy with civil counsel where civil litigation is pending or imminent.
L and L Law Group, PLLC defends §32.51 cases across the nine DFW counties we serve. Item-count analysis under Cortez and Bodden, forensic-evidence review, and (where applicable) parallel federal §1028A analysis begin at the first attorney-client meeting. Co-founding partners Reggie London (Bar #24043514) and Njeri London (Bar #24043266) handle these cases personally at (972) 370-5060 or info@landllawgroup.com.