 Identity theft has taken up new grounds in the debate about the protection of personal information. High profile successful unauthorised and fraudulent access to large databases where personal information is stored have more recently also called for speedy enactment of stringent legislation to assist in the curtailment of the phenomenon.
Of recent, identity theft was thought to only affect the victim. However it can be seen that organisations whose primary business involves obtaining and selling personal information are falling prey to sophisticated criminals who are willing to go the extra length to obtain as many instances of personal information at one fell swoop rather than having to hunt for individual pieces of information risking being caught out at each attempt.
Organisations that have made a business out of the brokerage of personal information have also learnt first hand that identity theft can also lead to damaged reputation and drop in share value. This can be illustrated with Choicepoint and Lexisnexis both of which have been hit by large scale identity theft of personal information stored on their databases.
It has been identified in recent surveys on both sides of the Atlantic that identity theft has increased over the years at exponential rates costing individuals and companies billions. Indeed in the study on the issue for the United Kingdom it has been estimated that identity theft is responsible for the economy losing out on an estimated £1.3 billion. While in the United States of America , the figure has been estimated by the Federal Trade Commission to be in the region of $48 billion. Given the above stats coupled with the growing numbers of people using the Internet to carry out commercial and personal activities, it can be determined that the numbers will accelerate over the next three years.
The rise in identity theft can be attributed to a number of issues:
- Huge margins for little effort and risk on the part of criminals
- No appropriate legislation or punishment to deter identity thieves
- Organisations not deploying appropriate security measures
- Victims not protecting their personal information
While the above issues are prevalent, organisations need to ensure that their systems, policies, procedures and processes are configured, defined and managed such that they do not allow for unauthorised access, modification or theft of personal information.
Our identity theft service consists of:
- Reviewing the systems used to process personal information this typically includes customer relationship management systems and databases.
- Reviewing authentication and verification procedures of customer relationship management systems
- Reviewing outsourcing agreements, processes and procedures to mitigate against identity theft
- Reviewing procedures, standards, processes and agreements relating to the disposal of personal information (soft and hard copies)
- Reviewing test plans processes and procedures of systems used to process personal information
- Reviewing staff vetting procedures
- Reviewing password and access control policies, procedures and processes
- Writing report on identified gaps and recommended solutions
- At Zylt Consulting we provide technical and legal advice to organisations on how to develop systems, policies, processes and procedures that can mitigate the risk of personal information under their control being compromised.
|
