Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« USA PATRIOT Act: FBI Is Underreporting Their Use Of This Law To Order Businesses to Monitor Email, Phone Calls and Financial Information | Main | Preventing Data Leakage Through Email and Instant Messaging »

Identity Theft Example: It's Not All About Going On Spending Sprees; And A Really Bad Texas Bill

In January I blogged about how at least 220 illegal immigrants working for Swift and Company were charged with identity theft.

As a follow-up to that story, last Friday the first of the convictions was handed down.

She, along with the other immigrants, were reportedly sold a Social Security number (SSN).

Organizations need to realize the impact of not properly protecting personally identifiable information (PII) goes way beyond just using it to open bogus credit card accounts and going on spending sprees.

SSNs are very valuable to the crooks selling them to poor illegal immigrants coming to the U.S., often lured by advertisements from U.S. companies for factory, farm or similar types of labor-related job opportunities, looking for a better life for their families. In just the past two weeks alone there have been at least 111 news stories published about the concern with SSNs being used for illegal immigrants to obtain work with identity theft as a result.

The recent Texas bill to exempt courthouse clerks from all state and federal laws requiring SSNs to be kept confidential, and that was actually passed by the Texas House of Representatives, still amazes me. It is now in the Texas Senate for debate and vote.

Hopefully the members of the Texas Senate have more sense than their House counterparts. Can you imagine how easy it would then be for crooks to go to a Texas courthouse, or actually to the courthouse's online sites, and just harvest a huge crop of SSNs to sell to the masses waiting to come over the border to get jobs? All because the clerks do not want to be responsible for protecting the SSNs (along with driver’s license numbers, bank account details and in many cases protected health information), under their control, and do not want to invest the time and resources in removing the SSNs from the records before they become publicly posted on their associated courthouse websites.

No, protecting privacy isn't easy or convenient, but isn't it worth it? Would those lawmakers and clerks feel differently if their own SSNs were made publicly available? Part of being on the Internet is implementing appropriate security for the information you for which you are responsible.

It is so ironic, and sadly typical of how most government agencies work (or don't work) together, to have all these data protection initiatives and laws being proposed and passed, and then having another government agency want to pass a law that is in direct conflict and completely the opposite. It's like Texas wants to drill a hole into the privacy levee so many individuals and organizations are trying to construct.

Texas, don't mess with privacy.

Tags:                    
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on March 12, 2007 1:49 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/344

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold,CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.