IDENTITY THEFT
LOSS PREVENTION
Three reasons every entity should take action regarding safeguarding the confidential and sensitive information are legislation, loss, and social responsibility.
I. Federal and State Legislation
In 1998, the Identity Theft Assumption and Deterrence Act defined identity theft as a crime. The Act criminalized the knowing transfer or use, without lawful authority, of a means of identification of another person
with the intent to commit, or to aid or abet, any violation of federal law. 18 U.S.C. §1028(a) (7).
"As a fundamental principle, even before reaching theories applicable to information security, parties are generally responsible under the common law of torts to use due care in handling the information regarding others," —Thomas P. Vartanian, Mark Fajfar, and Robert H. Ledig, Electronic Banking Law and Commerce Report, June 2005.
Businesses that do not take reasonable steps to protect information could be held civilly liable for criminal acts committed by others with the stolen information. This was the outcome of Bell v. Michigan Council 25 of the AFSCME, 2005 Mich. App. LEXUS 353 (Mich. Ct. App. Feb. 15, 2005).
Currently 38 states have enacted laws regarding requirements for the notification of victims in the event of a loss or breach of information from a business. In addition to notification laws, all states have legislation that pertains to fraud and theft.
Additionally, there are several federal statutes that expose businesses to civil and criminal liability for not taking appropriate measures to safeguard information. They include, but are not limited to:
- The Fair and Accurate Credit Transactions Act (FACTA)
- The Health Insurance Portability and Accountability Act (HIPAA)
- The Gramm-Leach-Bliley Act (GLB)
- The Family Educational Rights and Privacy Act (FERPA)
- Social Security Number Privacy Act
II. Limit Financial Loss and Loss of Trust
"If you experience a security breach, 20 percent of your affected customer base will no longer do business with you, 40 percent will consider ending the relationship, and 5 percent will be hiring lawyers!" —CIO Magazine, The Coming Pandemic, Michael Freidenberg, May 15th, 2006
III. Social Responsibility
It is our social responsibility as Americans to safeguard the confidential and sensitive information of those who entrust us with it or we do not deserve to have it.
