Identity Theft and Data Security

The Federal Trade Commission deals with issues that touch the economic lives of most Americans. The current portfolio includes protecting consumers in the areas of data security and privacy, identity theft, Social Security number misuse, identity management, spam, maintaining the National Do Not Call Registry, and other IT issues of interest to colleges and universities. The FTC's Bureau of Consumer Protection, although a regulator of businesses, is also an educator: it seeks to educate consumers and provide businesses and other organizations with the information they need to comply with the rules of the road and to provide consumers with the necessary tools to engage in commerce intelligently. This session will highlight information policy issues the FTC is addressing and educational resources institutions of higher education can leverage to improve student, faculty, and staff awareness of data security and privacy risks.

It's estimated that the black market trafficking of stolen electronic identities will increase to $1.6 billion in 2010. Finding personal information is an increasingly complex problem due the myriad places it can reside and forms it can take on computers. Learn not only how to find it but also how to easily and quickly protect it.

"Identity theft is one of the fastest-growing cyber-crimes, and, as a result, 38 states have identity theft legislation -- with some states using encryption as a safe haven," said Southwestern Illinois Community College CIO Christine Leja. "The education market as a whole is becoming more serious about protecting student information and is looking to encryption as the means to making that happen."

"No matter how robust your firewall, trained faculty and staff are your first line of defense against system breaches."

In recent years, many entities in the private, public, and government sectors have reported the loss or theft of sensitive personal information. These breaches have raised concerns in part because they can result in identity theft--either account fraud (such as misuse of credit card numbers) or unauthorized creation of new accounts (such as opening a credit card in someone else's name). Many states have enacted laws requiring entities that experience breaches to notify affected individuals, and Congress is considering legislation that would establish a national breach notification requirement. GAO was asked to examine (1) the incidence and circumstances of breaches of sensitive personal information; (2) the extent to which such breaches have resulted in identity theft; and (3) the potential benefits, costs, and challenges associated with breach notification requirements. To address these objectives, GAO reviewed available reports on data breaches, analyzed 24 large data breaches, and gathered information from federal and state government agencies, researchers, consumer advocates, and others.

As Congress strives to pass legislation that would provide a uniform federal law for security breach notifications, a number of related privacy and security policy proposals are under consideration in the Congress and executive branch agencies. This panel will address topics such as preventing misuse of Social Security numbers, requirements for a personal data privacy and security programs, and measures to prevent identity theft.