Thanks to the Internet we have lightning-fast communications, credit, and commerce. Unfortunately, we also have data breaches, identity theft, and obscene amounts of junk mail and spam.
Consumers are bombarded, victimized, and annoyed. They express great concerns about their privacy and security, yet little is made available to them to protect it. And they only have restricted access to their own identity information held by data brokers, being forced to pay to see it, if in fact the businesses that hold it are even willing to sell it to them.
Tinkering with the current systems won't fix it. Instead, identity needs to be re-engineered around the demands of its logical owner--consumers--providing them more control, transparency, privacy, and security.
Our personal information--name, address, date of birth, Social Security number, credit worthiness, buying preferences and patterns, etc.--forms our financial identity, government identity, medical identity, and what I like to call our "marketing identity." As a result of history and technology--as opposed to good design--identity has been functionally divided into these different silos.
Each silo has its own set of data repositories, its own regulatory and legal regimes, its own data brokers and list providers selling personal data, and its own advocates representing consumers. These silos generally don't follow the same rules, share standards, or communicate with one another.
My financial identity is actually in pretty good shape. Financial identity is a central focus for most consumers because they interact regularly with their financial identity. They trust their financial institutions, and they have a much better view into their personal financial identity information than they do in any other silo.
What with all the noise about identity theft and the focus on finance--and specifically credit cards--it may be surprising that, in fact, financial identity works pretty well for consumers, which is no coincidence. I would argue that the financial services industry provides the U.S. consumer with the strongest, most secure and well-managed identity they have--both online and offline. We should carry this industry's powerful ideas of value, portability, responsibility, and trust forward as we begin to re-engineer identity.
Where consumers' financial identity breaks down is with the data broker middlemen. Within the financial identity silo are the three credit bureaus, Experian, Equifax, and TransUnion. The credit reports they traffic in are critical to consumers, determining availability of credit, employment, and access. Yet credit reports are well known to be full of errors. What's more, they are a popular tool for identity thieves.
My government identity, however, is pretty broken. The core identity provider in the United States, the federal government, regularly loses, misplaces, and publishes the consumer data it collects. When our government wants to get data on consumers, it buys it from data brokers like ChoicePoint and LexisNexis--somewhat odd because those companies primarily sell public records, which generally originate with the government itself. Notwithstanding the demonstrated lack of security on the part of these companies, government identity--including drivers' licenses and passports--remains the core and most usable of our identity "tokens."
My marketing identity is today the most broken, controlled by dozens of list and data brokers who make billions of dollars a year selling my personal information to thousands of organizations. They give me no rights to see or affect what they sell, they don't allow me to tell them what I want and what I don't want, and they make it intentionally complex for me to get off their lists. The result is almost 4 million tons of junk mail sent to Americans each year.
The data broker breaches in 2005 were the watershed event that first shined light on this incredibly secretive industry. Since then, more than 165 million data records of U.S. residents have been exposed due to security breaches. Consumers are vulnerable not only because of what arrives in their mailbox, but because of the thousands of data records holding their sensitive personal information.
Consumers are starting to wise up, demanding meaningful choice over how and by whom their identity is used. Fixing identity is going to require the efforts of industry, government, and technology leaders, but it requires the consumer to ignite change. It's their identity. They know who they are. They know what they want and what they don't want.
Heck, just ask yourself.
Biography
Steven Gal is CEO of ProQuo, a start-up that allows users to choose which paper junk mail to stop receiving from different sources. He writes a
Humans-in-the-loop are and always will be the wickedest problem of identity security. Identity is not an entity; it is a process.
As best we can tell, it was likely a human being who copied down her number somehow while she was doing a point-of-sale transaction.
Fortunately, the bank was pro-active and had canceled the card before we even called to complain, and we got our money back in less than a week, but it sure doesn't inspire confidence that it can happen at all. I'm just thankful that the banks are getting better than they used to be about staying on top of it.
Many in the financial sector follow ANSI standards, but NOT ALL.
Some governments strictly adhere to FIPS, but NOT ALL.
ISO is the international standards organization which most should follow, but NOT ALL.
SOX: Sarbanes OXley is another one which should be followed, but NOT BY ALL!
The key point is that ALL are excluded from the most important aspects of security. All of the above quoted standards were created to protect sensitive data.
And how much more sensitive can one get than when discussing identity theft of others?
These standards were created for a purpose. Many are required to follow these standards, but in reality, very few put them to actual use.
THAT'S THE PROBLEM!!!
Not a lack of standards, but a lack of standards compliance!!!
Follow that up with a lack of ensuring standards compliance and you have the double-whammy position which our society is in today.
The hundreds of millions of stolen identities are more than enough proof that the already set into place standards ARE NOT being followed to the T.
That said... who's going to hold whom responsible for the non-compliance?
Until the checks and balances of the security society are set into place, continue to see more of the same.
Walt
your name for 3 years from postal junk mail! I think this a good
step in the right direction on protecting our privacy from the many
companies that sell your name and info to other companies.
- Identity theft - The BIGGEST hole
- by patsimon November 7, 2007 10:15 AM PST
- The quickest, easiest way for ID thieves to steal your ID is to fill out a card changing your address and drop it in the mail box. The post office will notify you within a few weeks, but by the time they do, the thieves have picked up enough of your first class mail to easily steal all your identities - financial, government, etc. Anyone can change your address any time, with no proof of identity.