Feds Write Prescription for Identity Theft
Federal Task Force Issues Seven Recommendations
September 2006
A federal task force named by President Bush to study identity theft has just issued a set of recommendations in the areas of prevention, victim assistance, and law enforcement. Perhaps its primary significance lies in what it represents: one of the largest acknowledgements to date that identity theft is a major public safety issue that warrants widespread consideration and action from lawmakers.
The task force, which includes 17 federal agencies and departments (including the FBI and the U.S. Secret Service), will deliver a final plan in November. The recommendations range from solid common sense to the implementation of potentially significant if not sweeping federal mandates. These mandates, if implemented, would ratchet up the federal response to this crime, and certainly increase awareness on the part of businesses and individuals. Following is a synopsis of the task force’s recommendations.
(1) Data Breach Guidance to Agencies
The Office of Management and Budget (OMB) should issue to all federal agencies a Task Force memorandum, which covers the factors that should govern whether and how to give notice to affected individuals in the event of a government agency data breach, and the factors that should be considered in deciding whether to offer services such as free credit monitoring.
(2) Development of Universal Police Report for Identity Theft Victims
This action is necessary in order for the victims to, for example, request that fraudulent information on their credit reports is blocked, or to obtain a seven-year fraud alert on their credit file. The Task Force recommends the development of a "universal police report" that an identity theft victim can complete online, print and take to a local law enforcement agency for verification and incorporation into the police department's report system.
(3) Extending Restitution for Victims of Identity Theft
Congress should amend the criminal restitution statutes to allow identity theft victims to recover damages for the value of the time that they spend attempting to make themselves whole again: for example, the hours spent disputing fraudulent accounts with creditors. The Task Force recommends that Congress amend the criminal restitution statutes to require that defendants pay identity theft victims for the value of their lost time.
(4) Reducing Access of Identity Thieves to Social Security Numbers
In order to limit the unnecessary use in the public sector of Social Security Numbers (SSNs)—the most valuable pieces of consumer information for identity thieves—the Task Force recommends the following:
- The Office of Personnel Management (OPM) should accelerate its review of the use of SSNs and take steps to eliminate, restrict or conceal their use, including assignment of employee identification numbers where practicable.
- OPM should develop and issue policy guidance to the federal human capital management community on the appropriate and inappropriate use of an employee's SSN in employee records, including the appropriate way to restrict, conceal and/or mask SSNs in employee records and human resource management information systems.
- OMB should require all federal agencies to review their use of SSNs to determine where such use can be eliminated, restricted or concealed in agency business processes, systems and paper and electronic forms.
(5) Developing Alternative Methods of "Authenticating" Identities
The government should initiate a public education program to explore ways of developing and promoting improved authentication systems that will make it tougher for thieves to impersonate victims. Some of the ways to achieve this include workshops and conferences for academics, industry experts, and entrepreneurs that explore wider implementation of new technologies such as biometrics.
(6) Improving Data Security in the Government
Ensure that government agencies improve their data security programs by outlining best practices in the areas of automated tools, training, processes, and standards that would enable agencies to improve their security and privacy programs. In addition, there should be an initiative to develop a list of the top 10 or 20 "mistakes" to avoid in order to protect government information.
(7) Improving Agencies' Ability to Respond to Data Breaches in the Government
All federal agencies should establish protocols, in accordance with the Privacy Act, that would allow for the appropriate disclosure of private information in the course of responding to a breach of data.
For a complete summary of the recommendations, visit: http://www.ftc.gov/os/2006/09/060916interimrecommend.pdf
Our observation:
While this suite of proposed guidelines is not particularly groundbreaking, there is some innovative thinking deserving of both attention and praise. At the top of this list is the overall acknowledgement this report shows for the widespread scope and severity of the crime.
Additionally, we would like to note the recommendation to Congress that a provision of federal law be amended to permit identity theft victims the right to sue defendants for the value of their lost time. If implemented, this provision could have a dramatic impact on how identity theft plays out in the legal arena.
The fact is, the time it takes for victims of identity theft to piece their lives back together is one of the most significant costs to victims, and currently a cost that is nearly impossible for them to recover.
The report also touches on the need for Universal Police Reporting. This is essential. Victims often face the daunting task of cleaning up messes in multiple states, each with its own jurisdiction. Finding the “person in charge” can be Kafkaesque. Our laws in this area need to reflect the high-speed communications world in which we live.
In summary, the report is one small step in the right direction.