FTC to Host Workshop on Informational Injury; Seeking Public Comments; Workshop to be held December 12, 2017
Executive Summary Injury caused by information can affect people, businesses and governments and comes in many forms -- financial, psychological, health, reputation, freedom and livelihood to name a few. The cause of the injury can be intentional or unintentional. This paper provides a high-level review of how data used for identity theft, criminal identity theft, business identity theft, medical identity theft can lead to the injury of people and businesses. The data used for these purposes may be obtained via data breaches, deceptive business practices, physical theft or other nefarious activities. Weaponization of information is becoming more common. On a personal level, information can be weaponized to shame or to humiliate people via cyberbullying, cyber harassment, sexting, etc. The data used in these types of attacks may be real or fabricated. At the nation state level, information is weaponized for political and nation state activities such as cyber warfare. It is important when discussing information injury to understand there are protection and prevention mechanisms that can be developed to minimize the impact of injury. Processes to give people and businesses control over their personally identifiable information (PII) are outlined in the frameworks. These comments are prepared by Bev Corwin, Cindy Cullen and Niloufer Tamboly members, International Committee of The Identity Ecosystem Steering Group (IDESG).