At the Core
* Defines identity authentication techniques
* Discusses the information manager's role in protecting privacy
* Gives recommendations for protecting employee and client privacy
An employee at a major New York insurance company was charged in March with stealing colleagues' identities from a database of 60,000 names and selling them over the Internet as part of a credit card scam. Last year, a Kansas woman's checkbook was stolen from her locked office, and false identification--with her name and address but with a photo of someone else--may have been used to cash the checks. The woman, a state senator, is currently proposing legislation to protect the financial privacy of other citizens.
Considered one of the fastest-growing crimes in the United States and already a large problem worldwide, identity theft has indelibly left its mark on the countless businesses and individuals that make the news headlines each month. According to the U.S. Federal Trade Commission (FTC), identity theft was the number-one source of consumer complaints in 2001, totaling 42 percent of all the complaints it received.
While identity authentication technologies and legislative efforts have helped combat identity theft, there is still a long way to go. Business methodology and procedures must change, warns Gary Clayton, founder and chairman of the Privacy Council. "Until recently, businesses treated customer information like they treat the coffee cups in their kitchen they left them laying around," he says. "Companies should better manage information and be held accountable for mismanagement."
A Closer Look at Identity Theft
Credit card fraud is among the most common forms of identity theft. A report by Gartner Inc. revealed that of more than 1,000 adult U.S. online consumers surveyed in January 2002, 5.2 percent were victims of credit card fraud in the prior year. Identity theft struck 1.9 percent.
Identity theft most commonly occurs in the workplace, as was the case with Mari J. Frank, a California attorney, privacy consultant, and author of From Victim To Victor: A Step-By-Step Guide For Ending The Nightmare of Identity Theft.
"More than $50,000 in credit was illegally applied for under my name," says Frank, who discovered that her credit report had been stolen by a temporary employee in a legal practice. "Not only was my financial identity stolen, but my professional identity as well."
It took Frank almost one year to get her credit record back in order. When she became a victim, she says, there was no law in California making identity theft a crime against the consumer victim. The temporary employee was eventually found and arrested. When authorities entered the employee's home, they discovered business cards, checks, and credit card applications containing Frank's name.
"I was really concerned. Was she accepting clients in my name? I could have been disbarred," she says.
The awareness of identity theft, whether it consists of stealing a person's Social Security number, address, phone number, or all of the above, has been heightened in the workplace. Office personnel who deal with sensitive information are getting more attention.
"It's about employees having access to data that they shouldn't have," Clayton explains. "Temporary employees have access to computer systems and can download customer information and then sell it or rise it themselves to perpetrate fraud."
With the proliferation of emerging technologies to protect electronic records, such as firewalls and public key infrastructure (PKI), many companies may believe they are doing everything they can to prevent identity theft. In the process, they neglect commonsense procedural issues.
"Information is much more readily available today with desktop publishing and the Internet," says Russell Poore, general manager of secured destruction services, Recall Corp. …