Government agencies, financial services companies, data aggregators, and other firms must do a better job combatting identity theft, according to an IT industry group.
The Information Technology Association of American (ITAA) released a plan yesterday encouraging organizations to work together to fight data breaches and strengthen the security and privacy of customer data.
"Consumers should not have to worry about their information getting into the hands of identity thieves and other criminals," said ITAA President Harris Miller in a statement. "People have a reasonable expectation that information they disclose on a credit application or for other purposes will be treated responsibly and that their right to privacy will be protected."
The ITAA is pushing for the improvement of law enforcement powers and enhanced notification of affected individuals when breaches do occur. Its plan calls for a national breach notification law and better cooperation between industry groups and law enforcement.
In addition, a national law enforcement effort that increases penalties for internet thieves must be implemented, according to ITAA's six-point strategy. The group's plan also encourages data aggregators and other companies to develop strong IT security processes and adopt new security tools.
According to the ITAA, the onus falls to both private sector companies and government agencies storing critical customer data to ensure they have a meaningful security policy, supported by properly deployed security solutions to enhance authentication and vetting processes. Further, a set of best practices, policy standards and educational initiatives should be undertaken by all affected industry players.
"The ITAA plan ... promotes the adoption of best practices to address the root cause of identity theft rather than just treating the symptoms. The only way that these best practices can work is if they are implemented in concert with legislation through law enforcement," said Christine Crandell, vice president of marketing at IPLocks. "[It] implements the necessary elements of people, process and technology so that organizations can implement robust information security to effectively deter these breaches."