Identity Crisis
This has been the summer of identity theft.
Since May, federal agencies and
private companies alike have admitted to
exposing millions of Americans to the threat of
spoilt credit reports and imbalanced bank statements
through sloppy handling of confidential personal data.
The recent news is frustratingly typical:
Last month the Agriculture Department announced
that one of its laptops had vanished
-along with personal information
about 350 USDA employees on its hard drive
and a paper printout of the data. Someone
returned the laptop and the printout to a meat plant,
but investigators don't know whether
any of the profiles had been compromised.
This isn't the first trouble the USDA has had
with ensuring the security of its workers' information.
In June, the agency reported that a hacker
had gained access to the records of
26,000 D.C. area employees.
And the USDA's foibles are only
a fraction of the problem. In May,
a Department of Veterans Affairs employee
lost a laptop with personal information
about 26.5 million people on it.
The Federal Trade Commission,
the agency responsible for monitoring identity theft,
lost two laptops of its own in June with files containing people's
financial account numbers.
In the past year and a half, about 85 million Americans
have received word that their
identifying information may have been stolen.
These cases should be stern warnings to government
and private-sector managers alike.
All it takes is one stolen laptop in the hands of
the right thief to deal expensive and time-consuming
damage to people who did little more than
give their Social Security numbers to their employers.
According to the FTC, identity theft cost
American consumers $5 billion in 2002.
Over the past decade, Americans have gotten used to
their personal information zipping
around cyberspace, and, for the most part,
that's a good thing. The growing success of e-commerce,
Internet banking and other electronic services
in which personal data are exchanged attests to
the value of public trust in the security of the information
they give out. But government agencies
and private companies have to be more careful
with Americans' identities. That means doing
such basic things as encrypting data taken outside
the office or maintaining a functional hacker shield.
There also may be room for Congress to help.
It can't prevent personal data from being stolen,
but it can follow the lead of many states
by passing the Data Accountability and Trust Act,
which requires prompt notification to those at risk
when their data are compromised.