FTC Testifies on Efforts to Combat Identity Theft and Protect Consumer Privacy

The Federal Trade Commission today told the House Judiciary Committee’s Subcommittee on Crime, Terrorism, and Homeland Security that identity theft remains one of the highest priorities for the Commission, and that the agency is playing a lead role in preventing identity theft and helping those who are victimized.

Testifying for the Commission, Joel Winston, Associate Director of the FTC’s Division of Privacy and Identity Protection, described the agency’s multi-faceted efforts to combat identity theft, including law enforcement, business and consumer education, and participation in the President’s Identity Theft Task Force. With respect to law enforcement, the Commission has brought 14 cases since 2001 against businesses that failed to implement reasonable security measures to protect sensitive consumer data. In each case, according to Mr. Winston, the alleged security vulnerabilities were multiple and systemic, and in most cases, readily-available and inexpensive measures were available to prevent them.

The Commission also has played a lead role in the President’s Identity Theft Task Force, which is co-chaired by FTC Chairman Deborah Platt Majoras, the testimony stated. The Commission and the 16 other Task Force agencies issued a Strategic Plan earlier this year, with 31 recommended initiatives focused on identity theft prevention, victim assistance, and deterrence. The initiatives, most of which have been implemented or are in the process of being implemented, include a nationwide consumer education campaign, which the Commission has launched under the name: “Avoid ID Theft: Deter, Detect, Defend.” Since its launch, the agency has distributed over 2.6 million copies of the Deter, Detect, Defend brochure, and has recorded nearly 5 million visits to the campaign’s Web site. This campaign supplements existing FTC consumer education efforts. For example, since 2000, the Commission has distributed more than 9.7 million copies of its identity theft primer and victim recovery guide. The FTC also sponsors a multimedia Web site, OnGuard Online, designed to educate consumers about basic computer security, including the importance of not disclosing personal information to possible fraudsters. Developed in partnership with other agencies and the technology sector, OnGuard Online has attracted more than 4.3 million visits to its Web site.

In addition, the testimony states, the FTC has developed and distributed detailed data security guidance for businesses, including a brochure and online tutorial. The agency plans to hold a series of regional conferences for businesses beginning in early 2008.

The testimony describes a number of other Task Force-recommended initiatives, some of which are intended to help prevent identity theft. For example, the Commission hosted two public workshops this year to identify ways to make sensitive information, such as Social Security numbers, less valuable for identity thieves, and will issue a report to Congress early next year with recommendations regarding the private sector use of Social Security numbers.

Many of the Task Force initiatives are designed to help identity theft victims. For example, the FTC has published an identity theft victim statement of rights on its Web site and at www.idtheft.com, and is working with the Department of Justice to develop expanded resources for victims through DOJ grants to not-for-profit victim advocates. The FTC also is partnering with the DOJ, the U.S. Secret Service, and other government agencies to expand its training for state and local law enforcement. Since 2002, 26 training sessions for more than 3,300 officers from more than 1,000 agencies have been conducted, and several more sessions are planned for the coming months. The FTC also has developed a “universal police report” that identity theft victims can complete online, print, and take to a law enforcement agency for verification. With this report, victims can request that fraudulent information on their credit report be blocked and obtain a seven-year fraud alert on their credit.

According to the testimony, as many as 20,000 consumers contact the FTC every week for information on how to guard against identity theft or to obtain assistance in recovery. The agency receives about 250,000 reports of identity theft every year, and these consumers receive step-by-step guidance on how to minimize the harm and recover from the crime. Victims’ experiences are added to the agency’s Identity Theft Data Clearinghouse, which is accessible to more than 1,700 investigative agencies for their use in their law enforcement efforts.

The testimony also summarizes the Commission’s efforts to implement the identity theft -related provisions of the Fair and Accurate Credit Transactions Act. For example, the FTC and bank regulatory agencies recently issued the final Identity Theft Red Flags guidelines and rules, which require businesses that hold consumer accounts to develop and implement an “Identity Theft Prevention Program.”

The FTC has acted aggressively on several other issues that threaten consumer privacy, according to the testimony, including law enforcement actions against “pretexting,” a practice in which perpetrators use fraud or pretense to obtain access to consumers’ financial information, telephone call records, or other sensitive information. In addition, The Commission has brought 11 spyware cases, 92 law enforcement actions involving spam (since 1997), and 34 cases alleging that telemarketers violated the provisions of the National Do Not Call Registry or other aspects of the FTC Telemarketing Rule. Last month, the testimony noted, the Commission announced its latest crackdown on Do Not Call violations, including a lawsuit and six settlements involving such prominent companies as Craftmatic Industries, ADT Security Services, and Ameriquest Mortgage Company, resulting in total fines of almost $7.7 million.

The testimony noted that the FTC also enforces the Children’s Online Privacy Protection Act (COPPA), which prohibits the collection, use, or disclosure of personal information from children under age 13 without prior parental notice and consent. Since 2000, the agency has brought 11 COPPA enforcement actions, obtaining more than $1.8 million in civil penalties, and more COPPA cases are forthcoming.

The Commission vote authorizing the presentation of the testimony and its inclusion in the formal record was 5-0.

Copies of the testimony are available from the FTC’s Web site at http://www.ftc.gov and from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov/ftc/complaint.shtm. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,600 civil and criminal law enforcement agencies in the U.S. and abroad.