A leading industry advocacy group has endorsed the recommendations of a presidential task force that wants a national standard for private sector data protection as a key component of fighting identity theft. But it faulted the task force for failing to recommend a similar national standard for government entities.
"The recommendations to limit the unnecessary use of Social Security numbers, establish a National Identity Theft Law Enforcement Centre and execute additional public awareness campaigns are important and necessary measures," said Liz Gassiter, general counsel for Cyber Security Industry Alliance (CSIA) in a statement. But "the report stops short of requiring a national standard for the public sector that would mirror the mandatory data protection requirements and breach notification requirements suggested for the private sector".
"Merely reissuing data security guidance to agencies is inadequate. Government agencies should be accountable to citizens for safeguarding their data, and compliance should not be optional," Gassiter said.
The CSIA is an industry advocacy group whose membership includes the CEOs of companies such as CA, Symantec, Entrust, F-Secure and others. It was responding to the release of the US President's Identity Theft Task Force report.
The recommendations in the report include a call for less frequent use of Social Security numbers in the public sector, establishment of national data protection and breach disclosure standards for the private sector, a wider use of strong authentication processes and better enforcement of ID theft laws.
The task force also called for more measures to help victims of identity theft minimize damage to their credit and recover the value of the time they spend trying to remediate any harm they suffer. It wants an assessment into the creation of a national system that would allow ID theft victims to obtain an identification document - other than their Social Security Numbers - for authentication purposes. And the group called for setting up a National Identity Theft Law Enforcement Centre to allow law enforcement agencies to share information and collaborate on investigating and prosecuting ID theft crimes.
A letter to the president jointly signed by Attorney General Alberto Gonzales - the chairman of the task force - and co-chair Deborah Platt Majoras, of the US Federal Trade Commission stressed that there is no "quick solution" to the ID theft problem.
"But we believe that a coordinated strategic plan can go a long way toward stemming the injuries caused by identity theft and, we hope, putting identity thieves out of business," the letter noted.
Together, the recommendations contained in the strategic plan are designed to strengthen the efforts of federal, state and local enforcement authorities and educate consumers and businesses that handle sensitive data about how to mitigate ID theft risks and increase data protection in federal agencies.
"Identity theft is a crime that goes far beyond the loss of money or property," Gonzales said in a statement. "It is a personal invasion, done in secret, that can rob innocent men and women of their good names".
The task force's recommendations come at a time of growing consumer concern about identity theft. It marks the latest effort by the federal government to address what is widely seen as a growing and endemic problem. Eight years ago, Congress enacted the ID Identity Theft and Assumption Deterrence Act to make ID theft a federal crime. Since then, the issue has only become more complex and challenging for the general public, the government, and the private sector, the report noted.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.