Feds issue new identity theft recommendations

The Bush administration issued its annual Identity Theft Task Force Report, including 31 recommendations for combating identity theft and fraud, and boasting of a 26 percent increase in identity theft convictions from 2007.

The 70-page report details steps taken by federal agencies to implement recommendations originally proposed in the Identity Theft Task Force's strategic plan, published in April 2007. The strategic plan, itself based upon recommendations made by the Task Force when it was founded in 2006, emphasized reductions in the use of Social Security numbers as an identifier for both businesses and government agencies.

"The SSN is highly valuable for identity thieves because it is often a necessary (if not necessarily sufficient) item of information that a thief needs to open new accounts in the victim's name," the task force wrote. "One of the most practical and cost-effective ways to prevent breaches is to collect and maintain sensitive data only when it is necessary to do so."

The Task Force recommended that the government's Office of Personnel Management (OPM) take the lead in reviewing how federal agencies use Social Security numbers and issuing new recommendations for reducing or eliminating their use in everyday paperwork. In addition, the task force reported that OPM has been working with the Social Security Administration (SSA) to conduct studies on the feasibility of replacing a Social Security number with a new unique identifier for all federal employees.

The task force also reported progress on working with state and local governments to reduce or eliminate usage of Social Security numbers as an identifier for their daily business.

The task force also focused on its efforts to improve restitution and aid for victims of identity theft, for whom it takes an average of 600 hours and $6,000 to get any damage to their identities fixed. The chief recommendation was widespread adoption of a "passport" document for victims to use in order to verify their identities while disputing or investigating charges of identity theft.

The Justice Department has launched a pilot "passport" program in Ohio, where victims enter their information into a statewide database that is shared with other law enforcement agencies, in order to reduce additional fraud and enable the victim to more easily go about their business.

The Task Force also recommended extending partnership with lawyers and legal aid services on both the state and federal levels to get victims of identity theft more legal representation in order to gain restitution.

The Task Force reported that in 2007, 2,470 suspected identity thieves or fraudsters were charged with crimes relating to identity theft, and 1,943 were convicted, up from 1,534 in 2006.

The Task Force acknowledged that the private sector's usage of personally identifying information constitutes a potential security risk, and recommended increased education and training for companies on how to better handle the data they collect.

Under the "red flags rules," financial institutions and business entities that offer credit or services provided through credit were required to develop and implement plans to protect their customers' data from identity theft and better identify potential fraudulent transactions. Businesses covered by the rules included banks, mortgage lenders, telecommunications companies, auto dealerships, and many others.

The rules, which were passed in 2003 as part of the Fair and Accurate Credit Transactions Act (FACTA), were not scheduled for implementation until Jan. 2008, and full implementation was originally delayed until Nov. 2008. The FTC said that because many businesses that are not covered by FTC jurisdiction did not know they were affected by the rules, they would not be able to comply with the deadline quickly enough.