Published August 2005

Theft protection legislation
an important step

Protecting ourselves from identity theft is a hot topic lately. We’ve all heard the dos and don’ts.

Do be sure to shred financial correspondence. Don’t carry your Social Security card in your wallet. Do be sure to check your credit report once a year. Don’t have your driver’s license number printed on your checks.

So we follow the dos and don’ts religiously, signing up for a secure post-office box and making confetti of our bank statements. We go over our monthly credit card bills with a fine-tooth comb and have our checks printed to carry just our names — first initial, last name only — business phone number and P.O. box.

Then we read in the newspaper that hundreds of thousands of people across the country could fall victim to identity theft because organizations such as ChoicePoint, Bank of America, Ameritrade — and most recently CardSystems Solutions — have put customers at risk due to possible data losses or security breaches.

Now, people who may be doing everything “right” in the war against identity theft are learning a hard truth: They are not the only ones who have control of — or access to — their personal information.

In an age when information can be digitally stored and sent — including such sensitive data as Social Security, credit card and bank account numbers that seem to better identify us in the eyes of society than even our own faces — the odds are high that people other than ourselves have access to our seemingly confidential information.

And when that information does fall into the wrong hands, it ends up costing everyone big, with consumers facing an estimated $5 billion and businesses facing an estimated $48 billion in out-of-pocket losses annually due to identity theft, according to the Federal Trade Commission.

But maybe even more costly is the loss of confidence consumers have in the companies with whom they do business. Who wants to risk the threat of information being stolen, lost or sold to a third party just to sign up for cell-phone service, procure an auto loan or perform any number of transactions that we now do as a matter of course?

With nearly 10 million people victimized by identity theft each year, it is well past time for a set of national standards to be adopted for the corporate handling of consumer information, and Congress is working to do just that.

The Comprehensive Identity Theft Prevention Act, which originated in the Senate last April and has been undergoing hearings, would create an Office of Identity Theft within the FTC to set information standards and serve as a clearinghouse of identity theft information for consumers. The bill also would give consumers the right to one free report from data brokerages and would detail the proper handling of Social Security numbers.

Indeed, the bill is a step forward and should ignite much needed discussion on information security. Hopefully, that discussion will include the efforts being put forth by other countries that have had success in fighting identity theft.

According to a recent article by Associated Press reporters Brian Bergstein and Matt Moore, European Union countries require companies, in most instances, to inform customers about transfers of their personal information to third parties and give those customers a chance to fix incorrect data.

And many of the countries in Europe and Latin America do not allow a consumer’s personal data, which was obtained for one purpose, to be sold or shared for some other purpose without that person’s consent.

Rules such as these would put a modicum of control back into the hands of the people who keep American businesses in business — the consumers. They deserve to have a say in who can and cannot look at their personal information and they deserve to know how that information is being handled.

— Kimberly Hilden, SCBJ Assistant Editor

Back to the top/August 2005 Main Menu