Video Podcast

Archive Browse:

Archive Search:

Help


Identity Theft: An Inside Job


By Cindi Curtis

Personal data can be lost in a variety of ways. Personal information may be stolen during Internet transactions. Identity theft may also occur when there is some type of connection between the thieves and their victims.
According to an article titled "Identity Theft and Employer Liability" in the January 2007 issue of Risk Management Magazine, "a more critical concern is when identity theft can be tied to the action of employees."
We are all familiar with the best known case, which involved the loss of up to 26 million personal records from the U.S. Department of Veteran Affairs and was due to an employee taking the records home on a laptop that was later stolen. Other agencies experiencing data breaches were U.S. Census Bureau and the National Oceanic & Atmospheric Administration.
The largest data breach reported so far occurred at TJX. Even a south Florida fish, the grouper, experienced identity theft when a few southwest Florida restaurants served Asian Catfish to their customers when the grouper supply dwindled.

Employer Responsibility
Risk Management continued to report that, "When employees mishandle personal data and losses occur, [employers], whether private or public sector, are culpable." It also noted that "[branches of government at the state and federal levels] are focused on identity theft ..." and that "the net result will be increased statutory, regulatory and legal pressure on corporations to protect personal data and to protect their businesses from subsequent financial and productivity losses."
Identity theft and fraud has been in existance for some time, but is now the fastest growing crime in the world. Originally, it occurred as a violent crime; the aggressor had to kill someone for it. Then they'd just assume the alternative identity and walk around as if they were that person.
Eventually emerging as a "white collar" crime, this social plight hid itself within other various forms of theft such as extortion, embezzlement and fraud. Some of the cases of white collar identity theft crimes occurred via the phone. Some miscellaneous person would call and offer credit, prizes or other incentive awards; and what was needed to process the offers was to verify the "winner's" identity.
Of course, the victim never received the credit or prize offer. The criminal would then use that person's information to steal his identity - and the victim had no idea what just took place, often for many years to come.
Losing your wallet or purse was typically the onset of a worrisome ordeal involving canceling all bank and credit cards. Socially, not much concern was experienced regarding "loss of other vital information" such as a driver's license, health insurance or information, except for the bothersome task of replacing those items.
Today, every four seconds, someone becomes a victim of identity theft, either again or for their very first time.

Did You Know?
- Out of nearly every four households, two of them have been victimized, but only one household may be aware of it.
- More than 64% of identity theft occurrences originate from within the workplace.
- When a person becomes a victim of identity theft it will take, on average, more than 1,600 work hours and approximately $92,452 to correct the problem.
- Financial or credit identity theft accounts for only 22% of all identity theft occurrences.
- There are five major types of identity theft: financial, DMV/drivers license, social security, character/criminal and medical identity theft.
- In only a few years, the revenue lost as a result of identity theft has surpassed decades of revenue lost to drug trafficking.
- In direct response to the devastation inflicted upon its victims and lost revenue, there are a multitude of new federal and state laws that outline corporate responsibility and compliance.
- If you are a business owner or a key decision maker, you can be facing up to a $1 million fine per incident/up to a 10-year prison term per incident.
According to Betsy Broder, of the FTC's Division of Privacy and Identity Protection, "We will act against businesses that fail to protect their customer data." Broder also said, "We need to see that you've taken reasonable steps to protect your customers' information."

What Can You Do?
- You can reduce your corporate risk and obtain protection for yourself and your business through (human capital) education and training, an affirmative defense response.
- You can reduce your liabilities through adoption and implementation of a security plan, a vital component of a corporate mitigation plan.
According to Risk Management, "Many of the corporate risks associated with identity theft can be mitigated by the development and implementation of sound policies, systems and procedures" and "the risks that flow from the affected individual, however, must be managed using available tools and products that both support the individual and protect the employer. In the absence of a solid risk management plan for identity theft, the potential losses are nearly unlimited."
- Be proactive in your response to identity theft legislation.
If your business is a recent startup or is undergoing reengineering, systems reorganization, process improvement or experiencing growth or change management, it is critical to obtain an identity theft compliance evaluation and risk assessment during the process. Protect what you have worked so hard for: your business and your future. Your business and your good name can crumble and be lost in an instant.

Cindi Curtis is CEO/owner of IDT Solutions Risk Management Consulting. She was not aware of her first incidence of identity theft for 14 years. The second incidence did not come to her attention for almost two years. She can be reached at 410-961-0600 and doncindi@comcast.net.