Last week, the Santa Fe Group and ID Experts announced a 'Bill of Rights' for Identity theft victims. The document includes five basic rights to help consumers who are victims of identity theft and data breaches to protect and correct their personally identifiable information (PII) records:
For people who are unfamiliar with the issues, the white paper provides a background on the issues and trends about identity theft and identity restoration -- the challenges to consumers when fixing damage done by identity thieves. The white paper effort was led by the Identity Management Working Group of The Santa Fe Group Vendor Council chaired by Rick Kam, President of ID Experts. Kam noted:
“Despite new additions to the Fair and Accurate Credit Transaction Act of 2003 (FACT), such as free credit reports and the ability to place fraud alerts after identity theft, victims are still subject to inconsistent and unfair treatment from state and federal agencies, law enforcement and businesses. We created the Bill of Rights to empower victims by granting them the same rights as victims of other crimes.”
The Santa Fe Group is a consulting company to financial institutions and related infrastructure companies. ID Experts provides services to companies and to consumers covering identity restoration. Consumers and companies can download for free the Bill of Rights white paper, titled "Victims’ Rights: Fighting Identity Crime on the Front Lines" (364 K Bytes, Adobe PDF format; registration required).
This "Bill of Rights" is an excellent idea for several reasons. As Kam said above, consumers receive inconsistent treatment within and across States. First, most but not all States have laws defining what is personally identifiable information, and how companies and government agencies should protect that information. Second, most but not all States have laws requiring companies and government agencies to notify consumers after a data breach.
Third, most states do not define the content of what the components should be in a credit monitoring service offered in a company's post-breach response. This places consumers in a difficult situation thinking that their state has provided them with some protection, when in fact that protection is far weaker than they realize. Fourth, most consumers have no idea what to do to restore their identity information after damage by identity thieves.
Fifth, only a handful of states have laws protecting consumers against ID-theft involving RFID cards. There are so many ways identity thieves can steal consumers' sensitive data, that it makes sense to strengthen laws to help consumers fix the damage done by identity thieves. Sixth, only a couple states -- Maryland and New Hamsphire -- post online the breach notices received to help consumers verify breach notices.