E-Commerce Times Talkback
Approximately 10 million Americans fall victim to identity theft each year, a statistic that is expected to increase despite the diligent efforts of government and institutions to turn the tide. Leading IT security providers are arguably in the best position to understand the nature and scale of the problem, as well as ways they are working to help organizations and individuals prevent ID theft. "ID theft is a huge problem," said Craig Schmugar at McAfee Avert Labs.
This series provides good, unbiased information, but avoids mention of the key solution.
Companies bear significant responsibility and liability for stewardship of their customer and employee data, but generally do a very poor job. Over 80 million identity records were compromised just in 2006 -- and the response/recovery cost to the companies that lost them was about $100 per record, according to an authoritative study by Ponemon Institute (no connection to my company).
There are a number of improvements companies need to make from a technical standpoint, to encrypt their data and do better access control and security. But the most important solutions are:
1) Remove the data entirely from most data stores, and grant access to it only on a need-to-know basis. Identity data is the personal asset of the person -- just like actual cash -- and needs to be safeguarded as such.
2) Require those with access (employees, contractors, service providers) to complete an acknowledgement of accountability, making them directly liable for following standards for data security.
These steps will dramatically improve the effectiveness of the technical approaches this article is focused on.