ChoicePoint, a consumer data vendor, hands over personal information on at least 145,000 people to criminals posing as small businesses. Hackers swipe the personal information of 32,000 people who use the database Lexis-Nexis. Bank of America loses backup tapes containing 1.2 million federal employee records. Every day, it seems, a new identify theft incident is reported (or occurs, without being reported) followed by new rounds of questions: Should data vendors be regulated? Can identity theft hurt e-commerce? How do individuals protect themselves? Unfortunately, suggest Wharton faculty and others, no simple answers are available, especially when personal information is so easily available through search engines.
The cost of identity theft continues to escalate. According to a Federal Trade Commission survey released in September 2003, the latest year available, nearly 10 million Americans have been victims of some form of identity theft, resulting in $47.6 billion in damages accruing to businesses. Victims spent an average of 30 hours trying to fix the damage and suffered losses totaling $5 billion.
Those figures are likely to grow in the future, given the number of incidents reported so far this year. In addition, because a recent California law requires any company that operates in the state to disclose when personal information is lost, incidents continue to surface at a rapid clip: On March 8, for example, DSW Shoe Warehouse reported the theft of purchase information and credit card numbers from shoppers at 103 stores. Separately, California State University at Chico disclosed that hackers lifted personal information, such as names and social security numbers, from a housing and food service information system.
"Without that California law, we would not have heard of any of these breaches," says Kendall Whitehouse, senior director of information technology at Wharton.
Meanwhile, Senator Diane Feinstein, Democrat from California, proposed a bill on January 24 that would require companies nationally to disclose when customer data has been breached.
[continue]
Page 1 of 7
> >>