The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information

Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft. Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism. This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers

Risks of identity theft: Can the market protect the payment system?

Identity theft has been a feature of financial markets for as long as alternatives have existed to cash transactions. But identity theft has recently occurred on a much larger scale. Data breaches often involve the apparent loss or acknowledged theft of the personal identifying information of thousands--or millions--of people. ; Identity theft poses risks, not only to individuals, but to the integrity and efficiency of the payment system--the policies, procedures, and technology that transfer information for authenticating and settling payments among participants. Identity theft can cause a loss of confidence in the security of certain payment methods and an unwillingness to use them. Markets can cease operating or switch to less efficient payment methods. Either represents a loss of efficiency for the economy. ; Schreft looks at the nature of identity theft today and the factors underlying its mounting risks. She also explores whether markets are able to limit the risks identity theft poses to the payment system.Identity theft ; Payment systems

Information security, data breaches, and protecting cardholder information: facing up to the challenges

On September 13 and 14, 2006, the Payment Cards Center of the Federal Reserve Bank of Philadelphia and the Electronic Funds Transfer Association (EFTA) hosted a conference entitled “Information Security, Data Breaches, and Protecting Cardholder Information: Facing Up to the Challenges.” The two-day event was designed to bring together a diverse set of stakeholders from the U.S. payments industry to discuss a framework to guide industry practices and inform public policy. This paper summarizes key highlights from this event. Conference participants emphasized that the industry must address two fundamental issues: (1) increasingly dangerous threats to sensitive consumer information and (2) public perception and understanding of the risks from data breaches. These challenges are related but need different solutions. A consensus emerged that while the situation is not yet dire, it is serious, and warrants attention from all payments stakeholders.Data protection ; Payment systems ; Computer security

Risky business: managing electronic payments in the 21st Century

On June 20 and 21, 2005, the Payment Cards Center of the Federal Reserve Bank of Philadelphia, in conjunction with the Electronic Funds Transfer Association (EFTA), hosted a day-and-a-half forum, “Risky Business: Managing Electronic Payments in the 21st Century.” The Center and EFTA invited participants from the financial services and processing sectors, law enforcement, academia, and policymakers to explore key topics associated with the challenge of effectively managing risk in a payments environment that is increasingly electronic. The meeting’s goal was to identify areas of potential risk and explore interindustry solutions. This paper provides highlights from the forum presentations and ensuing conversations.

Semi-Annual Report to Congress for the Period of October 1, 2002 to March 31, 2003

[Excerpt] It is a privilege to transmit this Semiannual Report to the Congress covering the period October 1, 2002, through March 31, 2003, summarizing the significant audit and investigative activities of the Office of Inspector General (OIG), U.S. Department of Labor (DOL). Moreover, I am pleased to introduce a new format for our report that makes use of advances in information technology and moves the OIG forward in the e-government environment. Readers will now receive a “Highlights” summary that emphasizes key audits and investigations conducted by the OIG. The Highlights contains information on how to visit our website and download the complete report. Our goal is to allow you to review snapshots of our work and quickly access those issues of most interest to you. Of special note during this reporting period was the inclusion of statutory law enforcement authority for our investigators in the Homeland Security Act of 2002 (P.L. 107-296). This authority enhances our ability to investigate labor racketeering and fraud against pension plans, which has become increasingly important as other Federal law enforcement agencies redirect their resources toward homeland security activities. Among our significant investigative accomplishments during this period was the indictment of 42 individuals including members and associates of the Genovese and Colombo La Cosa Nostra (LCN) organized crime families and Locals 14 and 15 of the Operating Engineers, for unlawful labor payments as well as other charges. Another investigation led to guilty pleas by associates of the Gambino LCN Family. In total, during this reporting period, our investigative work resulted in 337 indictments, 191 convictions, and over $55.6 million in monetary accomplishments. From an audit perspective, we issued a series of reports during this period related to the Workforce Investment Act (WIA) including youth training programs, individual training accounts, and the amount of WIA funding available to states. We hope these reports and recommendations will offer valuable information as the Congress considers WIA reauthorization. We also reported the results of our work with respect to Florida’s closeout of its job training grants, which identified significant discrepancies between the State\u27s financial status reports and its official accounting records. Also significant this period was our follow-up audit of overcharges by the Internal Revenue Service to the Unemployment Trust Fund that totaled$174 million for fiscal years 1999–2002. This targeted work, as well as other audit work, identified nearly $184 million in questioned costs. I am proud of the work of all OIG employees and their continued commitment to serving American workers and taxpayers. My staff and I look forward to continuing to work constructively with the Secretary and the DOL team to further our common goal of ensuring the effectiveness, efficiency, and integrity of the programs that serve and protect the rights and benefits of American workers and retirees

The Benefits and Costs of Online Privacy Legislation

Many people are concerned that information about their private life is more readily available and more easily captured on the Internet as compared to offline technologies. Specific concerns include unwanted email, credit card fraud, identity theft, and harassment. This paper analyzes key issues surrounding the protection of online privacy. It makes three important contributions: First, it provides the most comprehensive assessment to date of the estimated benefits and costs of regulating online privacy. Second, it provides the most comprehensive evaluation of legislation and legislative proposals in the U.S. aimed at protecting online privacy. Finally, it offers some policy prescriptions for the regulation of online privacy and suggests areas for future research. After analyzing the current debate on online privacy and assessing the potential costs and benefits of proposed regulations, our specific recommendations concerning the government's involvement in protecting online privacy include the following: The government should fund research that evaluates the effectiveness of existing privacy legislation before considering new regulations. The government should not generally regulate matters of privacy differently based on whether an issue arises online or offline. The government should not require a Web site to provide notification of its privacy policy because the vast majority of commercial U.S.-based Web sites already do so. The government should distinguish between how it regulates the use and dissemination of highly sensitive information, such as certain health records or Social Security numbers, versus more general information, such as consumer name and purchasing habits. The government should not require companies to provide consumers broad access to the personal information that is collected online for marketing purposes because the benefits do not appear to be significant and the costs could be quite high. The government should make it easier for the public to obtain information on online privacy and the tools available for consumers to protect their own privacy. The message of this paper is not that online privacy should be unregulated, but rather that policy makers should think through their options carefully, weighing the likely costs and benefits of each proposal.

Data security, privacy, and identity theft: The economics behind the policy debates

Privacy ; Identity theft ; Data protection

Health Care Fraud

Provides an overview of trends in fraud and abuse involving private insurance, Medicaid, and Medicare; types of schemes; risk factors; and consequences. Examines federal and state laws aimed at healthcare fraud, reported cases, and enforcement efforts

Identity theft

Identity theft

A Holistic View of Identity Theft Tax Refund Fraud

This thesis attempts to explain what identity theft tax refund fraud is and how the issue has developed over the years. It presents a holistic, historic view of the problem as well as how it has been addressed. It primarily relies on reports from the Internal Revenue Service (IRS), Treasury Inspector General for Tax Administration (TIGTA), Government Accountability Office (GAO) and National Taxpayer Advocate (NTA) in its assessment. It does not examine foreign tax administrations’ methods of dealing with identity theft refund fraud or the extent of the issue in other principalities, and therefore this is an area in need of further research. This thesis does not attempt to make an argument for the efficacy of funding for the IRS either, which is an area that could be further studied. It also does not deal with employment-related identity fraud, which some relate to identity theft refund fraud