Search This Blog

Saturday, July 14, 2007


Congress recently asked the General Accounting Office (GAO) to basically evaluate the current identity crisis in relation to the harm caused by personal data breaches. There were at least ten articles on their study, each adding pertinent information to their specific area, with headlines from “Small risk of identity theft” to “Data Breaches Frequent, Effects Unknown.” Not one of the articles—which I don’t link to for obvious reasons—addressed the point of this issue: that just one data breach is too much. The data collectors—from junk mailers, to medical institutions, financial and mortgage firms, and hundreds of non-junk mail companies—are constantly amassing and selling your private information, which, to me, constitutes a fiduciary trust that is being broken on a daily basis. GAO immediately bogs down in trying to explain away the threat by arguing that most large data breaches don’t result in ID theft. That concept was quickly nixed in a July 10, 2007 SC Magazine (for IT professionals) article by Jim Carr, “Four charged in ID theft ring.” These Cuban nationals used data they bought in the underground to counterfeit credit cards. Carr quotes Mari Frank, an attorney and consumer rights advocate, that since there is such a large number (over 200,000) of credit card numbers involved, “there’s a huge connection between data breaches and ID theft.” Exactly what I have been saying in this blog for over two years. Privacy Rights Clearinghouse (PRC) does have its “Chronology of Data Breaches” which is an excellent documentation of the problem. PRC also lists the 2007 Javelin Strategy & Research Survey that corroborates the severity of the issue: 8.4 million victims in 2006 at a cost of $5,720 each for a total loss that year of $49.3 billion. This is why I am infuriated when government entities like the GAO, who know little of the specifics of the overall situation, make stupid assumptions like there’s no real identity theft problem. If it isn’t what they meant specifically, they should keep their mouths shut and defer to organizations like Privacy Rights Clearinghouse and Javelin.

No comments: