CSIA endorses recommendations of Identity Theft Task Force report but notes key deficiency

Cyber Security Industry Alliance (CSIA) offered its reaction on the release of the President’s Identity Theft Task Force report, “Combating Identity Theft: A Strategic Plan.” Taking into account feedback from various sectors that confront identity theft issues, the report calls for a national standard for private sector data protection and breach notification as a key component to fighting the problem of identity theft. The report fails, however, to extend this national standard to government entities.

“CSIA has long argued that efforts to address consumer data protection must be coordinated at the national level in order to be effective. This new report, which takes into account feedback from key stakeholders, further supports that argument,” said Liz Gasster, general counsel for CSIA. “Given escalating numbers of personal data breaches in government information systems, we are renewing our call for a comprehensive national law that aims to both prevent further data breaches and address data leaks once they occur, regardless of whether the data is held by government, a private sector entity or an educational institution or other non-profit.”

The report outlines improvements that are needed in four key areas including: keeping sensitive consumer data safe through better data security and more accessible education; making it more difficult for identity thieves who obtain consumer data to use it to steal identities; assisting the victims of identity theft in recovering from the crime; and deterring identity theft through more aggressive prosecution and punishment of those who commit the crime.

It offers several key data security measures for both the public and private sectors. Related to the public sector, the report calls for decreasing the unnecessary use of Social Security Numbers, educating federal agencies on how to protect data, monitor their compliance with existing guidance and ensure effective, risk-based responses to data breaches. For the private sector, the report states that national standards should be established for private sector data protection and breach notifications, better education on the safeguarding of data should be offered among private sector entities and to the general public, investigations should be initiated for data security violations and an online clearinghouse for current educational resources should be developed.