Are more federal laws the answer to ID theft?
With a growing number of states enacting laws to deal with identity theft, a White House task force has come out with a plan to protect people at the federal level.
In a press release issued Monday on the Federal Trade Commission’s Web site, Attorney General Alberto Gonzales and FTC Chairman Deborah Platt Majoras announced the completion of the President’s Identity Theft Task Force strategic plan. The goal, according to the statement, is “to improve the effectiveness of criminal prosecutions of identity theft; enhance data protection for sensitive consumer information maintained by the public sector, private sector, and consumers; provide more comprehensive and effective guidance for consumers and the business community; and improve recovery and assistance for consumers.”
Majoras said, “Identity theft is a blight on America’s privacy and security landscape. Identity thieves steal consumers’ time, money, and security, just as sure as they steal their identifying information, and they cost businesses enormous sums.”
The task force recommends:
– Reducing the unnecessary use of Social Security numbers by federal agencies.
– Establishing national standards that require private organizations to safeguard the personal data they compile and provide notice to consumers when a breach occurs.
– Implementing a “broad, sustained awareness campaign” by federal agencies to educate consumers, the private sector and the public on methods to deter, detect and defend against identity theft.
– Creating a national identity theft law enforcement center that helps law enforcement agencies coordinate efforts to investigate and prosecute identity thieves more effectively.
The task force recommends several pieces of legislation to make these things happen. While there are already several laws at the state and federal levels to hunt down and prosecute identity thieves, the task force believes sharper teeth need to be added to what’s already on the books.
“Although much has been done to combat identity theft, the specific recommendations outlined in the strategic plan — from broad policy changes to small steps — are necessary to wage a more effective fight against identity theft and reduce its incidence and damage,” the task force said in its press release.
Do you think more federal legislation is the answer to the problem? Let us know what you think in our comments section.
Technorati Tags: data+breaches, identity+theft
Posted: April 24th, 2007 under Data Breaches and Identity Theft.
As part of my current dissertation research on the impact of SOX on security, I have interviewed info security managers and have received a multitude of responses. Legislation appears to set a baseline of what is socially acceptable practice. Those companies that were already on the ball generally did not need legislative prompting. In some cases, companies may even be discouraged from performing beyond baseline security requirements. However, laggards may need external pressure (from laws, suppliers, etc.) to prompt them to meet at least a baseline. Then, there is the question of sustainability. Does the legislation make an initial positive impact, and then fade to no effect?
On the subject of identify theft, aside from notification laws, there has been very little legislation. Meanwhile, identify theft is a growing issue. In the absence of legislative prompting, has the majority of retailers demonstrated self-motivation to protect customer data?
The question posed in this blog really is part of a larger question: what is the effect of legislation on information security? Does it help or hurt? My research in this area examines this question and seeks survey respondents (http://www.surveymonkey.com/s.asp?u=267403639256).
Comment by Janine Spears — April 24, 2007 @ 6:12 pm