From The Economist print edition
Collecting, and stealing, personal information is big business
PLATO asked What is man? and St Augustine asked Who am I? A new breed of criminals has a novel answer: I am you! Although impostors have existed for ages, the growing frequency and cost of identity theft is worrisome. Around 10m Americans are victims annually, and it is the leading consumer-fraud complaint over the past five years. The cost to businesses was almost $50 billion, and to consumers $5 billion, in2002, the most recent year that America's Federal Trade Commission collected figures.
After two recent, big privacy disasters, people and politicians are calling for action. In February, ChoicePoint, a large data-collection agency, began sending out letters warning 145,000 Americans that it had wrongly provided fraudsters with their personal details, including Social Security numbers.
Around 750 people have already spotted fraudulent activity. And on February 25th, Bank of America revealed that it lost data tapes that contain personal information on over 1m government employees, including some Senators. Although accident and not illegality is suspected, all must take precautions against identity theft.
Faced with such incidents, state and national lawmakers are calling for new regulations, including over companies that collect and sell personal information. As an industry, the firms such as ChoicePoint, Acxiom, LexisNexis and Westlaw are largely unregulated. They have also grown enormous. For example, ChoicePoint was founded in 1997 and has acquired nearly 60 firms to amass databases with 19 billion records on people. It is used by insurance firms, landlords and even police agencies.
California is the only state with a law requiring companies to notify individuals when their personal information has been compromised which made ChoicePoint reveal the fraud (albeit five months after it was noticed, and after its top two bosses exercised stock options). Legislation to make the requirement a federal law is under consideration. Moreover, lawmakers say they will propose that rules governing credit bureaus and medical companies are extended to data-collection firms. And alongside legislation, there is always litigation. Already, ChoicePoint has been sued for failing to safeguard individuals' data.
Yet the legal remedies would still be far looser than in Europe, where identity theft is also a menace, though less frequent and costly. The European Data Protection Directive, implemented in 1998, gives people the right to access their information, change inaccuracies, and deny permission for it to be shared. Moreover, it places the cost of mistakes on the companies that collect the data, not on individuals. When the law was put in force, American policymakers groaned that it was bad for business. But now they seem to be reconsidering it.
Copyright 2005 The Economist Newspaper and The Economist Group.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at. Hundreds of new articles daily. *** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, Economist Group.
For more information go to: