Identity Crisis
A typically lengthy Slashdot discourse is taking place over identity, data theft, and corporate responsibility. These are hard times for identity. In Texas, a 14-year old girl is suing MySpace for $30 million for not protecting hers. According to the Privacy Rights Clearinghouse, 88 million Americans have had their identities and personal data compromised since February 2005. It seems like every time we turn to the news, there’s a new report about a stolen laptop containing thousands of sensitive records. How soon will it be until your identity is compromised? Or has it already been?
It’s time to start asking tough questions.
Why does the University of Virginia still ask for Social Security Numbers (SSNs) to verify identity? This practice should be stopped immediately. Other academic institutions are finding out why the hard way. In just the past three months, the University of South Carolina mistakenly emailed 1,400 SSNs to classmates. At Western Illinois University, a hacker scooped up 240,000 files containing names, addresses, SSNs, and credit card numbers. Ohio University has been repeatedly attacked, risking over 300,000 records. If we continue to use SSNs, it’s only a matter of time until something like this happens here.
Why aren’t credit card companies and banks held more accountable? Why do we get dozens of applications for credit cards or home equity loans a week? Why do we make it easy for these companies to put us at risk?
We all have a part to play in protecting personal identification. By “all”, I’m referring to consumers and institutions. Unfortunately, consumer vigilance has been the only dependable approach since corporations and other institutions have mostly been allowed to play Russian Roulette with our personal information. New laws or enforcement of current laws supporting more secure identity would be nice, but Congress hasn’t been eager to take on any substantive issues lately, much less this one. So, until the consumer identity uprising occurs, it’s up to us.
If you are a company or institution that works with sensitive information, please do it right. The following links are useful guides:
- A Checklist of Responsible Information-Handling Practices (Privacy Rights Clearinghouse)
- Encryption Can Save Data in Laptop Lapses (Washington Post)
- Responsibilities for Computing Devices Connected to the University of Virginia Network (UVa)
And for the consumer in all of us, here are some additional sites:
- Your National Resource About Identity Theft (Federal Trade Commission)
- Identity Theft Resource Center
- Fact Sheets & Other Publications (Privacy Rights Clearinghouse)
- How to Foil Identity Thieves (Wired)
Always a half-step behind Google… Apparently the Big G announced this morning that they’re “joining a group of notable U.S. companies calling for federal consumer privacy legislation.” Perhaps the uprising is already here.
I was floored when UVa demanded my SSN in order to issue me a computing ID a month or two ago. I tried my driver’s license number, but I was told that without a valid SSN, no computing ID. I can’t imagine what business they have possessing my SSN, or what good it’ll do them that my driver’s license number wouldn’t do.
I recently received a letter from the State of Ohio because my name was on the media that was recently stolen from an intern’s car. Now, how ridiculous is that? Now, they turn around and offer me a year of free identity theft surveillance. Again, who foots the bill on that? That’s right, the taxpayer’s of Ohio do. What good is it if I watch over my personal identity like a hawk, but state agencies are completely irresponsible with it? It makes me mad.