Get the ECT News Network Weekly Newsletter » View Sample | Subscribe
Welcome Guest | Sign In
E-Commerce Times TechNewsWorld CRM Buyer LinuxInsider

E-Commerce Times Talkback

ECT News Community   »   E-Commerce Times Talkback   »   Re: Developing Best Practices to Combat ID Theft, Part 2

Re: Developing Best Practices to Combat ID Theft, Part 2
Posted by: Andrew K. Burger 2007-03-07 13:32:02
See Full Story

Approximately 10 million Americans fall victim to identity theft each year, a statistic that is expected to increase despite the diligent efforts of government and institutions to turn the tide. Leading IT security providers are arguably in the best position to understand the nature and scale of the problem, as well as ways they are working to help organizations and individuals prevent ID theft. "ID theft is a huge problem," said Craig Schmugar at McAfee Avert Labs.

Re: Developing Best Practices to Combat ID Theft, Part 2
Posted by: ideasware 2007-03-10 18:16:44 In reply to: Andrew K. Burger
This series provides good, unbiased information, but avoids mention of the key solution.
Companies bear significant responsibility and liability for stewardship of their customer and employee data, but generally do a very poor job. Over 80 million identity records were compromised just in 2006 -- and the response/recovery cost to the companies that lost them was about $100 per record, according to an authoritative study by Ponemon Institute (no connection to my company).
There are a number of improvements companies need to make from a technical standpoint, to encrypt their data and do better access control and security. But the most important solutions are:
1) remove the data entirely from most data stores, and grant access to it only on a need to know basis. Identity data is the personal asset of the person -- just like actual cash -- and needs to be safeguarded as such.
2) require those with access (employees, contractors, service providers) to complete an acknowledgement of accountability, making them directly liable for following standards for data security.
These steps will dramatically improve the effectiveness of the technical approaches this article is focused on.
Jump to:
When considering the credibility of an article I read online, I am most influenced by...
The organization or operator of the website that published the article
The journalist(s) who wrote the article
The sources quoted in the article
The quality or style of the writing
The individual(s) who brought the article to my attention
Whether the article has myriad shares or social media activity
My own knowledge or intuition