The term identity theft is an oxymoron. A persons identity is not a physical thing. Only physical things can be stolen.
The term should be identity impersonation or fraud by deception. Because that's what it is.
As far as I am aware, ther is no law against identity theft. Simply because identity theft doesn't exist. Full or is most likely obtaining advantage by deception.
I don't know who invented the term, identity theft. Most likely the media, to dramatise an issue that can be hard to comprehend.
This article has a good suggestion for the way it could be reduced. By putting the risk on the financial institutions rather than the individuals involved. Making the financial institutions check the transactions, rather than putting the burden on individuals to be responsible for ther own personal information.
While we're at it, I don't think there's any law, as far as I no, about stealing of data. Because data is just information. Information can't be stolen.
If one person has information and somebody else hears it, reads it copies it, whatever, then both people have it. So it can't be regarded as stollen. All the laws about stealing and theft are based on the assumption that the possession of something is removed from one party and taken by another, such that the first party does no longer has possession of it. That cannot happen with information or data, because both parties still have it.
However there are laws about accessing, acquiring, reading, copying and the like data/information without authority.
But then again, laws are just data and information.