The U.S. government has taken several steps to combat identity theft during the past two years, including increased prosecutions of criminals and decreased use of Social Security numbers to identify constituents, according to a report released Tuesday.
Efforts to reduce and fight ID theft are happening across the U.S. government, says the report from the U.S. Department of Justice and the U.S. Trade Commission. The report serves as an update on the efforts of the U.S. Identity Theft Task Force, established by President George Bush in May 2006.
However, many state and local governments continue to release Social Security numbers (SSNs) in public documents, according to a second report, released Tuesday the U.S. Government Accountability Office.
Eighty-five percent of the large population counties that responded to a GAO surveyed make records with full or partial SSNs available in bulk or online, while 41 percent of smaller population counties do, according to the GAO report. GAO surveyed a sample of 247 counties, including the 97 largest population counties in the U.S. and a random sample of 150 other counties, and received responses from 89 percent of the counties.
In some cases, businesses that purchased public records from U.S. counties sent the information to India and the Philippines, the GAO said.
However, 25 states have passed laws in recent years to remove or restrict SSNs from public records, the GAO noted.
"In weighing how best to address some of these open issues over the availability of SSNs in public records, Congress will need to balance the need to keep SSNs confidential with the long standing tradition of open access to public records, the rights of states and localities to regulate the availability of records they maintain, and the use of SSNs in the private sector," the GAO report said. "Recent actions taken by the [U.S. government] and states to truncate SSNs represent one effort that may strike an appropriate balance between protecting SSNs from misuse and making a portion available for appropriate parties to firmly establish the identity of specific individuals."
Among the steps taken in the past two years, according to the ID task force report:
-- The DOJ increased the number of ID theft prosecutions by 27 percent between fiscal year 2006 and 2007. In 2006, the DOJ charged 1,946 defendants with violating one of the two main federal identity theft statutes and 1,534 defendants were convicted. In 2007, 2,470 defendants were charged and 1,943 were convicted.
-- The FTC and the U.S. Securities and Exchange Commission have also investigated cases involving ID theft. In the past year, the FTC brought six new enforcement actions against companies that allegedly failed to take reasonable measures to protect sensitive consumer data, bringing the total of FTC data security cases to 20.
-- In March 2007, the SEC launched an effort to combat spam-driven stock market schemes and to protect investors from fraudulent e-mail campaigns hyping small-company stocks. Since then, the number of spam complaints reported to the SEC's online complaint center has dropped by 50 percent.
-- U.S. agencies have cut back on their use of Social Security numbers to identify employees and constituents. The Department of Defense has launched an effort to reduce its internal use of SSNs, including eliminating them from military ID cards. The Internal Revenue Service has been redacting taxpayer SSNs to the last four digits on all federal tax lien documents filed in public records.
-- In 2007, the Office of Management and Budget and Department of Homeland Security sent a list of 10 common data security risks and the best ways to address them to all federal CIOs.
-- In September, Bush signed the Identity Theft Enforcement and Restitution Act, which allows victims to recover the value of their lost time when dealing with ID theft and creates new categories of crimes related to ID theft.
-- In February, the U.S. Postal Service mailed ID theft protection information to 146 million people and businesses in the U.S.
-- Several agencies, including the DOJ, FTC and U.S. Secret Service, have provided ID theft training seminars for more than 900 law enforcement officers.
The Identity Theft Task Force issued a strategic plan, outlining 31 recommendations for the federal government, in April 2007.
"Due to the dynamic and rapidly changing nature of identity theft, the struggle to protect consumers' personal information will not end with the implementation of the recommendations from the Strategic Plan," the FTC and DOJ said in a news release. "Government and the private sector, working together with consumers, must remain vigilant and adaptable as new generations of identity thieves and techniques develop over the coming years."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.