Identity theft on the increase

With the concern that identity theft may be on the increase, a raft of legal measures have been introduced in the US to protect the privacy of personal information. In its white paper, Guardian Edge provides a summary of the legislation that is being proposed or has been enacted. Interestingly, the California's Notice of Security Breach Act requires that any firm that owns or licenses electronic personal information must disclose any breach of the security of the system to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. What makes the law far reaching and "effective" is that the law is applicable to any organization that conducts business in California or with California residents. For further information about Californian privacy laws, see http://www.privacy.ca.gov/califlegis.htm.

The white paper concludes with the following statements:

Congress perceives identity theft as a serious threat to the nation’s economic stability, homeland security, the development of e-commerce, and the privacy rights of Americans” and is acting swiftly with new laws designed to protect the privacy and security of personal electronic records and other forms of sensitive personal information. These proposed rules enhance existing laws and carry heavy penalties for organizations that do not adequately protect sensitive personal information.

Whilst these measures are welcomed, what is needful are data protection laws (akin to Europe) that would bring the US up to speed with this field and address the concerns of the current Safe Harbor framework between Europe and the US. For an interesting study into this, see the latest report on Safe Harbor (pdf) prepared at the request of the European Commission.

For general information and advice about identity theft, see the FTC website.