As many of our reader know, we like to shine a light on those who are doing extraordinary things when it comes to fighting identity theft. We like to focus on members of law enforcement, consumer advocates, law makers and the like. But, every so often, we like to deviate a bit. And, this is exactly what we are doing by naming this week’s “Best Person” a Colorado grandmother who was wrongly jailed for being accused of running a massive identity theft ring.

Margot Sommerville (not her in the photo – that’s Estelle Getty from Golden Girls!) had her purse stolen in June 2006 in California. Five mont

Full Article…

Hospitals, health plan sponsors, health care providers, and their vendors need to act immediately to meet the new rules introduced by the Health Information Technology for Economic and Clinical Health Act (HITECH).

Full Article…

As we enter 2010 it is clear that companies and consumers alike are not being well-served when it comes to handling data breaches.  From the viewpoint of businesses, the vague, overlapping, and ineffective patchwork of regulations is not only difficult to manage, it actually acts as a deterrent to reporting data breaches.  And for consumers, the lack of clear regulatory oversight means that millions of people are never informed that their personal information has been compromised.

The fact that the Federal Trade Commission (FTC) has delayed the implementation of its Fact Act Red Flags Rules regulations not once, or twice, but three times, sends the wrong signals to compliance officers.  How can regulations be taken seriously if they are delayed over and over again?

The Federal Government’s New HITECH Act, which went into effect on September 23, 2009, strengthens the rules designed to protect the privacy and security of health-related data.  However, vague wording in the regulations written by the Office of Health and Human Services (HHS) has opened the door to under-reporting of data breaches, which will in turn put breach victims at undue risk of medical identity theft.

Further, 45 states now have 45 different data breach reporting laws on the books.  The result of this hodgepodge system makes complying with the law unwieldy for organizations that attempt to put homegrown data breach management systems in place.  (Full disclosure:  my firm does provide an easy to deploy, on-demand compliance solution – but that is another topic for another day.)

Congress has been working on and off for three years on this issue, but to date, it has failed to come up with a reasonable law that would ease the burden on businesses and provide reasonable protections for consumers.  Virtually all of the draft bills being bantered around would be weak and ineffective.

The fact is, as Javelin Strategy and Research noted in its research report  published on October 27, 2009, consumers who are victims of a data breach are four times more likely to become victims of fraud.  Data breaches have serious consequences, and should be taken seriously by all concerned.

Here’s hoping that in 2010 both regulators and businesses will be able to come to terms with regulatory standards that are easy to meet, lower corporate risk, and actually help to protect people from identity theft.

Branch is currently Associate Dean of Student Services, Henley Putnam University. This on-line university specializes in professional studies in Intelligence, Protection Management and Terrorism-Counterterrorism studies for military, law enforcement, security and intelligence professionals. He was formerly the Manager of Safety and Security Compliance at Ft. Lauderdale-Hollywood International Airport.

Mr. Walton has more than 40 years direct experience in federal law enforcement, private security and college teaching. He retired from the United States Secret Service after a 21-year career.

Full Article…

San Diego, CA  (January 8, 2010):  In 2009, the Identity Theft Resource Center® Breach Report recorded 498 breaches, less than the 657 in 2008, more than the 446 in 2007.   Are data breaches increasing or decreasing?  That is the question no one can answer.  This fact will not change until there is a single data breach list requiring mandatory public reporting.   With some breaches not being reported publicly, and some state Attorneys General not allowing public access to reported breaches, we doubt that anyone is in a position to answer the question above.   When we allow laws to be created requiring breach reporting but not disclosure, and provide minimal enforcement or penalty for non-compliance, we can expect a lack of public disclosure.   Counting breaches becomes an exercise in insanity.

ITRC collects information about data breaches made public via reliable media and notification lists from various governmental agencies.   There are breaches that occurred in 2009 that never made public news.   So rather than focus on a question without an answer, ITRC used percentages to analyze the 498 breaches recorded this year looking for any changes or new trends.   (Both raw numbers and percentages have been provided in the charts).

The main highlights are:

• paper breaches account for nearly 26% of known breaches (an increase of 46% over 2008)
• business sector climbed from 21% to 41% between 2006 to 2009, the worst sector performance by far
• malicious attacks have surpassed human error for the first time in three years
• Out of 498 breaches, only six reported that they had either encryption or other strong security features protecting the exposed data

In 2009, the business sector increased to 41% of all the publicly reported breaches.   While there are

Full Article…

(December 31, 2009) Here we are again, getting ready to face a new year. Time to set those dreaded New Year’s resolutions. You know, lose the 10 pounds, give up the chocolate, quit smoking, and win the Nobel Peace Prize.

Along with the breaking of some bad habits, now is the time to take on some new habits to protect you against identity theft. The ITRC offers the following top 10 resolutions you can make in 2010:

1. Lock up your social security card! Get it out of your wallet! Put this valuable card, along with all other important personal documents, in a safe, locked box or safety deposit box. <

Full Article…