What keeps you up at night? For me, it's identity theft. I base my concern on facts, not fears. Whatever day you read this column, you will find a fresh report of a breached, stolen, or lost database of personal information from that week. As I write this, the Los Angeles Times reports that hackers gained access to the personal information of about 800,000 students and employees at UCLA. That occurred just after the Privacy Rights Clearinghouse said that the number of records compromised since February 2005 had crossed the 100 million mark. Among the records are those of bank customers and credit card holders.
People who dismiss this risk argue that many of these records are simply lost, not stolen. Would anyone be as sanguine about the loss of something tangible, such as safe deposit box keys with identifying information?
Naysayers also point to the current low incidence of reported ID theft relative to the number of compromised records – about one-fourth of one percent. That won't last.
I'm reminded of when my sister thought the risk of smoking was exaggerated because everyone smoked, and they were all fine. As it turned out, that risk just had a long gestation period. Today, lung cancer is the number one cancer killer, causing more fatalities than all other cancers combined.
The analogy with your personal information is that most of the database losses and breaches seem benign so far because they have not resulted in malignant use of the information; that doesn't mean you have nothing to worry about. The long-term prognosis may not be so good.
Consider that identity theft was the fastest-growing contributing factor reported in mortgage loan fraud, which itself was up 35 percent in 2006, according to government analysis of suspicious activity reports from banks. And when Immigration and Customs Enforcement agents raided meat processing plants late last year, they also uncovered a large identity theft scheme involving illegal immigrants. Overall, ID theft complaints rose about 20 percent from 2003 to 2005. But in the immigration case, many victims were not even aware that their identities had been appropriated.
Today, much of the ID theft reported is still based on old-fashioned crime, such as when an insider steals customer data or a person loses a credit card. But the risk from the Internet will grow exponentially over time, not unlike what has happened with spam, only with more serious consequences.
Efforts to secure records are ongoing, but more needs to be done. One important step would be to require credit agencies to get your permission before releasing any of your information. That might provide an early warning before information could be misused. As Congress sets priorities for the year, this issue should be among them.