The Federal Trade Commission today told Congress that it is using a variety of initiatives to combat identity theft. Testifying before the House Financial Services Committee, Howard Beales, Director of the FTC's Bureau of Consumer Protection, said the agency has worked to educate consumers, train law enforcers, and advise businesses about keeping consumer information secure in an effort to stem identity theft. The agency also has brought enforcement actions against companies that failed to take appropriate precautions against security lapses.
The Commission has a well-established identity theft program. In 1998, Congress gave the FTC responsibility to establish and maintain a repository of identity theft complaints and to provide victim assistance and consumer education. To implement those responsibilities, the Commission established a toll-free telephone hotline consumers can call to report identity theft and to obtain information; set up a centralized database, accessible to more than 600 law enforcement organizations nationwide, to aid law enforcement; and engaged in an aggressive public education campaign for consumers and businesses.
Law enforcement actions also play an important role in the Commission's efforts to stem security breaches. "One of the mainstays of the Commission's privacy program is the enforcement of promises that companies make to consumers about privacy, and in particular, the precautions they take to ensure the security of consumers' personal information. The Commission currently enforces such promises both online and offline. The Commission is particularly concerned about breaches involving sensitive information because they put consumers at the greatest risk of identity theft and other harms," the testimony says.
Last August the FTC announced a settlement with Microsoft Corporation regarding misleading claims about the security of information collected from consumers through its Passport, Passport Wallet, and KidsPassport. An earlier settlement with Eli Lilly Co. also involved alleged misrepresentations regarding the security provided for sensitive consumer health information. "It is not enough to make promises about protecting personal information, and then just hope that nothing bad happens or, if it does, that nobody finds out. Fulfilling privacy and security promises requires affirmative steps to ensure that personal information is appropriately protected from identity theft and other risks to consumers' personal information," Beales said.
The FTC also is working with institutions that maintain personal information, including financial institutions, credit issuers, universities, and retailers to identify ways to help keep that information safe from identity theft, and will soon publish a self-audit guide to make businesses and organizations of all sizes more aware of how they are managing personal information and to aid them in assessing their security protocols, the testimony says. "As awareness of the FTC's role in identity theft has grown, businesses and organizations who have suffered compromises of personal information have begun to contact the FTC for assistance. For example, in the cases of TriWest and Ford/Experian, in which massive numbers of individuals' personal information was taken, the Commission provided advice on notifying those individuals and on what steps they should take to protect themselves," the testimony says.
The Commission has finalized its Gramm-Leach-Bliley Safeguards Rule, which requires financial institutions under the FTC's jurisdiction to develop and implement appropriate physical, technical, and procedural safeguards to protect customer information. When that Rule becomes effective on May 23, 2003, it will prove to be an "important tool" to ensure greater security for consumers' financial information. "The Rule could go far towards reducing risks to this information, including identity theft," the testimony says.
The FTC has expanded its role in educating consumers, private industry, and law enforcement, according to the testimony. The FTC also has worked with industry and consumer advocates to create a single, standard form consumers can use in absolving identity theft debts with creditors with whom identity thieves had opened accounts. "From its release in August 2001 through February 2003, the FTC has distributed more than 264,000 print copies of the ID Theft Affidavit. There also have been more than 351,000 hits to the Web version," the testimony notes. Working with industry, the agency has developed a "joint fraud alert" to allow credit reporting agencies to share requests for fraud alerts to eliminate a consumers need to contact each of the three agencies separately. A pilot program to test the alert begins this month.
Testimony to District City Council
In separate testimony before the Committee on the Judiciary of the Council of the District of Columbia, Betsy Broder, Assistant Director in the FTC's Bureau of Consumer Protection said that in calendar year 2002, 704 District residents filed identity theft complaints with the agency. "Although in aggregate this represents a small number of victims, it does position the District as the jurisdiction with the highest per capita rate of ID theft (per 100,000 residents) in the nation." Broder said that may reflect, in part, the fact that the District, which is wholly urban, is treated as a state for statistical purposes, resulting in a higher concentration of identity theft cases.
The testimony also notes that while 36 percent of identity theft victims nationwide obtain police reports, only 24 percent of victims in the District were able to obtain them. "Police reports are significant, because the police report establishes the victim's good faith status as a victim, rather than someone seeking to evade legitimate debts. Also, consumer reporting agencies have voluntarily instituted a program to block the fraudulent trade lines on an IDT victim's credit report upon submission of the report," Broder said.
The testimony concluded that the Commission will continue its efforts to educate consumers and businesses, assist criminal law enforcement efforts, and provide victims assistance.
The Commission vote to approve the testimony was 5-0.
Copies of the testimony are available from the FTC's Web site at http://www.ftc.gov and also from the FTC's Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint, or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1 877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
(FTC File No. P034302)
Office of Public Affairs
Bureau of Consumer Protection
202-326-3296 or 202-326-2968