The final recommendations are scheduled for November.
As an identity theft victim, I think the promising recommendations include
- issuing to all federal agencies a Task Force memorandum, which
covers the factors that should govern whether and how to give notice to
affected individuals in the event of a government agency data breach,
and the factors that should be considered in deciding whether to offer
services such as free credit monitoring
- development of a “universal police report” that an identity theft
victim can complete online, print and take to a local law enforcement
agency, that also submits to the FTC’s identity theft database.
- that Congress…require that defendants
pay identity theft victims for the value of their lost time.
Q: Will this include the government paying victims if their laptops are stolen with unencrypted data and/or people who are responsible for systems that are breached – that can result in identity fraud?
It has been interesting thinking what I’d like to see in the final report. I’m noticing my thoughts skew toward federal level legislation. (Well it’s interesting to me since I try to avoid thinking about law making as much as possible!)
- Rules governing information that gets changed by credit bureaus without notifying the consumer. Here I go harping again: It should take a Herculean effort for a consumer to change his or her birth date on a credit report.
- Laws related to the post office – such as requiring keeping changed addresses on file longer, so as not to deliver offers of credit to an old address.
- Laws regarding whether states can post people’s SSNs on websites instead of letting individuals at the state department levels decide. (If you disagree I’m guessing you haven’t been an identity theft victim yet!)
- Laws regarding allowing consumers to freeze credit. Right now only a few states allow this. If the credit reports develop an automated system for temorarily removing the freezes – such as if you need to have your credit score checked – this could eliminate some concerns. OK it wouldn’t eliminate the concerns of entities wanting to extend offers of credit, but at this point, I’m thinking of consumer protection.
Concepts on which I’m unclear:
- "Improving Agencies’ Ability to Respond to Data Breaches in the Government:
In order to allow agencies to quickly respond to any data breaches,
including by sharing information about those who may be affected with
other agencies and entities that can assist in the response to the
breach, all federal agencies should publish a “routine use” for their
systems of records under the Privacy Act that would allow for the
disclosure of such information in the course of responding to a breach
of federal data."
It will be interesting to see how this all turns out but it is refreshing that identity theft is getting such attention.