Chapter 26. Is There Anything We Can Do About Identity Theft?

One of the biggest drivers for IT security spending today is the threat of identity theft. The laws and regulations vary by region and by business, but many companies face liability if they are responsible for negligent data loss.

In reality, lots of data gets lost or stolen. According to the Privacy Rights Clearinghouse, in the United States alone, there have been over 215 million electronic data records lost since the beginning of 2005. Now, most of the time, those records aren’t used in identity theft, because they are lost, not stolen. For example, McAfee once had an auditor leave a CD with employee data in a airplane seat pocket. The data almost certainly went out with the trash. But, it happens often enough that there is real risk to consumers.

Plus, there are traditional methods of stealing personal information that aren’t counted, such as copying down credit card information at a restaurant, going through someone’s garbage, and so on. The risk to the average consumer is high enough, particularly considering it can take weeks of phone calls to clear up the damage done, when it is possible at all. Some people are left with massive credit problems.

There are several ways to make small amounts of progress on the problem. For example, many companies have made significant investments in data encryption for laptops. That way, if an employee with personal data on his laptop actually loses the laptop, a potential thief won’t ...

Get The Myths of Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.