Researchers: Notification Laws Not Lowering ID Theft

Over the past five years, 43 U.S. states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University.

By Robert McMillan, IDG News Service (San Francisco Bureau)

Romanosky admits that there may be problems in the methodology used by his team. And while he noted that the data -- compiled from self-reported complaints -- may not be perfect, the FTC database is the only source of this type of information.

In fact, there may be good reasons that explain why breach laws have not cut down on identity theft. Many consumers simply ignore breach notification letters. And Romanosky believes that security firms are still not doing enough to protect data themselves. "In so many of these cases, the breaches occur because of ridiculous security practices," he said.

Romanosky knows something about information security in the corporate world. Before deciding to pursue his Ph.D., he worked in the security groups of companies such as Morgan Stanley and eBay.

The researchers suggest a few next steps to better understand identity theft. The federal government should adopt a unified breach law in order to "reduce conflict between states laws and lower the barrier for compliance," they write in their paper.

Also, there should be standardized notification requirements so that victims learn pertinent information about the breach. Finally, they said that some kind of oversight committee should be set up as the definitive source of breach data, so that there is better information for consumers, policy makers, and researchers.

Gartner's Litan offered one more observation that might explain Carnegie Mellon's findings: the fraudsters are also getting better at what they do. "If you talk to the largest banks, they will tell you that fraud has really increased in the past 18 months," she said. "And they project it going up very significantly in the next two years."

"The thieves are just getting better and there's more fraud," she said.
