Identity Theft on the Rise

Identity theft has been a major and growing problem in the United States for several years. The Privacy Rights Clearinghouse, a "nonprofit consumer organization with a two-part mission -- consumer information and consumer advocacy" has an excellent survey page with pointers to years of published studies and point-form summaries of many of their findings. 

For example, they point to valuable research reports from Javelin Strategy & Research, where one can find dozens of reports on fraud (some costing as much as $3,000 but some available free). The "2009 Identity Fraud Survey Report: Consumer Version" dated February 2009 has the following key points:

• "Identity theft happens when your personal information is accessed by someone else without your explicit permission."• "Identity fraud occurs when criminals take that illegally obtained personal information and misuse it for their financial gain, by making fraudulent purchases or withdrawals, creating false accounts, or attempting to obtain services such as employment or healthcare. Personally identifying information such as your Social Security number, bank or credit card account numbers, passwords, telephone calling card number, birth date, name, address and so on can be used by criminals to profit at your expense."• "Almost 10 million Americans learned they were victims of identity fraud in 2008, up from 8.1 million victims in 2007."

The Internet Crime Complaint Center (IC3), a collaboration of the U.S. Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA) also distinguishes credit-card and financial fraud from identity fraud:

"Identity theft also falls into this category [of financial fraud]; cases classified under this heading tend to be those where the perpetrator possesses the complainant's true name identification (in the form of a Social Security card, driver's license, or birth certificate), but there has not been a credit or debit card fraud committed."

The IC3 has nearly a decade of statistical information in its annual reports from 2001 to 2008 and in its press releases from 2003 to 2009. Readers should note that the increases do not technically prove that the actual number of identity thefts is growing, since the data are unavoidably confounding occurrence of a type of crime with reporting of that type of crime and (when computing proportions) with occurrence and reporting of all types of crime. However, given the wealth of evidence from other sources it's unreasonable to suppose that all of the increases are due to increased reporting or that the only reason for the increased proportion is a decrease in reporting other kinds of crime, so there is reasonable cause for concern about the growth of identity theft. These data suggest that the number of people reporting identity theft to the IC3 has risen roughly five-fold over the last decade.

Given the growing importance of identity theft, state laws have been passed all over the United States to force holders of personally identifiable information to inform data subjects when their PII records are compromised by accident, employee malfeasance or outside criminal activity.

Until recently, information assurance personnel and attorneys specializing in this area of the law have had to search for the appropriate governing laws for each jurisdiction. In the next column, I'll review a valuable resource for locating the laws that apply to disclosure of PII in each state in the United States.

In the meantime, I recommend that you download and print a useful 10-point flier from the Identity Theft Resource Center, which you can distribute to your employees, friends and family to help reduce our collective susceptibility to this wretched crime.

Subscribe to the Security Watch Newsletter

Comments