​

IN 2007, former President Bush’s Identity Theft Task Force released a report with more than 30 recommendations aimed at preventing identity theft and mitigating its consequences.

In the latter part of 2008, the task force released a follow-up report that examined the status of efforts to implement those recommendations. Those efforts include working with agencies to reduce the use of Social Security numbers, launching a public awareness campaign about data use, providing private sector training and guidance on data security, and working with local law enforcement.

The report stated, “The Task Force has successfully carried out most of the recommendations or is making substantial progress in doing so.”

Not everyone is as sanguine about progress on the identity theft front, however. While improvements have been made, identity theft is an issue that still affects more than 8 million people a year in the United States, according to the Federal Trade Commission (FTC), and there are important task force recommendations that are nowhere near implementation. For example, the recommendation to establish a National Identity Theft Law Enforcement Center, which many experts agree is integral to combating identity theft, is still under review by the Department of Justice.

But Jay Foley, founder of the Identity Theft Resource Center in San Diego, California, says that the government’s slow pace on some recommendations may actually be a good thing. He says if the government takes its time, it may avoid creating new, unforeseen problems, such as in the decision in the 1980s to provide Social Security numbers to newborns as a way to keep track of tax dependents. That move created more numbers and possibilities for identity thieves.

As to where improvements remain to be made, Foley cites record keeping and identity verification. The American National Standards Institute (ANSI) seeks to address that. Its Identity Theft Prevention and Identity Management Standards Panel (IDSP) is currently meeting to draft standards that would augment identity verification procedures at agencies that issue identification documents, such as drivers’ licenses, birth certificates, Social Security cards, and passports. “There’s a circularity associated with how those are issued, because in some instances; for example, if you go to obtain a driver’s license, you will use your birth certificate and your Social Security card to prove who you are,” says Jim McCabe, ANSI’s director of consumer relations and IDSP. If just one of those documents is fraudulent or stolen and helps an individual wrongly obtain other documents, the identity theft cycle continues.

“There are something like 14,000 variations of certified birth certificates among 6,500 different issuers of birth certificates… and there’s 57 jurisdictions,” says McCabe. He says part of the panel’s goal is to decrease the number of jurisdictions providing birth certificates, which might make it easier to spot a fraud attempt. McCabe’s group would like to provide identity verification guidance standards to end users by April.

Foley advocates providing more information to organizations that can prevent identity theft. For example, Foley says that if the Social Security Administration provided a data file of under-18-year-olds to motor vehicle departments, credit agencies, and similar venues, then they could check that database to catch attempts at stealing identities from children. And if death certificates flowed from local to federal government, then the Social Security number could be closed off (currently, a person’s death only gets reported to Social Security in certain cases, such as if the deceased was receiving Social Security or Veterans’ benefits).

“We have to improve the system of dealing with that. The record keeping, the whole nine yards…because until we do, we just have too many loose wires out there,” says Foley.

In addition to the changes that could be made in the public sector, there is also a need for more help in the private sector. Foley says the cooperation will likely start with private-sector companies (possibly through a nonprofit organization) going to the government to work together to combat theft. He says retailers could reduce fraud if they communicated with each other about identity theft perpetrated at their stores; that way, the same person would not be victimized multiple times.

Foley also stresses that any laws affecting data security in the private sector must be implemented uniformly so that potential identity thieves can’t take advantage of unaffected companies. One example of this is the FTC’s recent identity theft red-flags rule, which requires identity theft programs not only at banks but also at any companies offering credit.