Saturday, April 09, 2005
Reports show that many businesspeople and individual consumers still do not recognize the full gravity of the identity theft threat. Industry should be taking identity theft seriously and implementing measures to combat the danger. Identity theft can occur in myriad ways. The possibilities are endless. A complete overhaul of identifying standards and processes is paramount and needs to be industry’s driving objective.
In an April 1 CNET article, Jon Oltsik, senior analyst at the Enterprise Strategy Group (ESG), shared information from a survey of 229 U.S.-based security professionals. ESG's survey found 23 percent of respondents reporting internal security breaches at their organizations over the past year. An additional 27 percent of respondents did not even know, when asked, whether such a breach had occurred.
On March 29, Digital-Lifestyles.info reported research from Infosecurity Europe. Apparently, for the chance of winning theater tickets, 92 percent of 200 people surveyed provided strangers with all the personal information a criminal would need to steal their identities.
Clearly, security is lacking—as is awareness and concern—not only at the consumer level but also at the highest levels of corporations. This includes CFO and CIO naïveté about the issue.
Corporations have been slow to realize that identity theft is not just a problem for consumers. The crime and how a business behaves afterward can attract lawyers and litigation.
In press releases dated April 1, class action lawsuits alleging federal securities laws violations at companies such as Mamma.com, Inc., Molex Incorporated, and ChoicePoint Inc. were filed. The same day, The Atlanta Journal-Constitution’s Bill Husted reported [link requires free registration] that ChoicePoint would let consumers review the personal information it has obtained about them.
It is likely only because of legal and legislative pressure that ChoicePoint has responded by stopping the sale of Social Security numbers to third-party private investigators who then resell them to ‘Joe Identity Thief.’
At times of heightened awareness, inaction can be costly, and damage control, no matter how genuine, can be too little too late. One misstep in data security puts a company and all its executives’ actions under the microscope for a very long time.