Combating Identity Theft: A Strategic Plan

Citation: The President's Identity Theft Task Force Report (Sept. 2008).

This report documents the Task Force’s efforts to implement the Strategic Plan’s recommendations. The Task Force has successfully carried out most of the recommendations or is making substantial progress in doing so.

The Strategic Plan included recommendations in four key areas:
 * Data protection &mdash; keeping consumer data out of the hands of criminals;
 * Avoiding data misuse &mdash; making it harder for criminals to exploit consumer data;
 * Victim assistance &mdash; making it easier for victims to detect and recover from identity theft; and
 * Deterrence &mdash; increasing prosecution and punishment of perpetrators.

In these four areas, the Task Force made a total of 31 recommendations, ranging from small, incremental steps to broad policy changes.

First, with respect to data protection, the Task Force has promoted a new culture of security in the public and private sectors. For the public sector, the Task Force member agencies launched a variety of initiatives aimed at making the federal government a better custodian of sensitive personal information. The Office of Management and Budget, for example, worked to educate all federal agencies on improving data security practices and is monitoring their performance in doing so. The Office of Personnel Management led an inter- agency initiative to eliminate unnecessary uses of Social Security numbers (SSNs)—one of the most valuable commodities for identity thieves—in federal government human resource functions, while individual agencies began to eliminate unnecessary uses of SSNs in other aspects of their work. The Task Force encouraged similar data security efforts in the private sector by launching several policymaking, outreach, and enforcement initiatives.

The Task Force expanded its data security and identity theft business and consumer education campaigns through speeches, videos, articles, brochures, testimony, in- terviews, tip sheets, and a best practices workshop for businesses. In one important example, the U.S. Postal Service delivered a mailing in early 2008 to 146 million U.S. residences and businesses with advice on how to protect themselves against identity theft. Task Force member agencies continued to investigate and, where appropriate, take civil, administrative, or criminal enforcement action against individuals and entities for violations of data security laws and regulations. Second, the Task Force examined ways to prevent identity theft by making it harder for thieves to misuse consumer data. Member agencies held two public workshops that explored means of improving consumer authentication processes to prevent thieves from using stolen personal information to access existing accounts or open new ones. One of the workshops specifically addressed the availability and use of SSNs in the authentication process, and whether there are better and less sensitive substitutes. These workshops provided opportunities for public and private sector representatives and consumer advocates to explore these issues. Third, the Task Force launched a number of initiatives to assist identity theft victims when they begin the sometimes arduous task of repairing their credit and restoring their good names. Task Force member agencies over the past year provided identity theft training to over 900 law enforcement officers—often the first sources to whom victims turn—from over 250 agencies. Task Force members also trained victim assis- tance counselors and provided grants to organizations that directly help identity theft victims. Task Force members developed and posted an Identity Theft Victim State- ment of Rights and are working closely with the American Bar Association on a pro bono legal assistance program for identity theft victims. Task Force members also are continuing to evaluate the effectiveness of various laws and programs designed to help victims, such as state identity theft “passport” programs, state credit freeze laws, and rights granted under the Fair and Accurate Credit Transactions Act of 2003. Fourth, the Task Force worked to improve law enforcement’s ability to investigate, prosecute, and punish identity thieves by proposing legislation to Congress, improv- ing coordination and training for local law enforcers, and targeting criminal enforce- ment initiatives. Task Force members also are enhancing international cooperation by partnering with foreign law enforcement agencies in identity theft investigations and providing them with training and assistance, and encouraging greater information sharing among and between law enforcement agencies and the private sector. The Task Force’s Strategic Plan notes that there is no simple solution to identity theft. It is an ever-evolving problem with many dimensions. Public concerns about the security of personal information and identity theft remain at high levels, with poten- tially serious consequences for the functioning of our economy.2 The efforts of the Task Force over the past year to implement the Plan’s recommendations have under- scored the need for a comprehensive and coordinated response from both the public and private sectors. These efforts have already made a difference and will continue to do so in the coming years.