On May 31, the FTC asserts that public agencies can help reduce the incidence and impact of identity theft. The FTC, in a discussion with the Ohio Privacy and Public Records Access Study Committee in Columbus, also affirms that government agencies should limit the amount of information they collect, restrict access to the information, and implement procedures to respond to data breaches.
The President’s Identity Theft Task Force was presented at the testimony delivering a comprehensive national strategy to combat identity theft. The plan, that has 31 initiatives the federal government should consider taking to combat identity theft, included recommendations on how to prevent sensitive data from falling into the wrong hands, to make such data less valuable to identity thieves by improving authentication, to ease victim recovery and to improve tools for effective criminal law enforcement.
The FTC’s testimony suggests that federal government agencies take steps to eliminate, restrict, or conceal the use of SSNs, often the key to identity theft, wherever possible. The suggestions to the federal agencies can be applied equally to government agencies at all levels.
The testimony notes that federal agencies are taking measures to strengthen their information security, and states that the Office of Management and Budget has issued guidelines about how agencies should safeguard sensitive information. Both private-sector and government entities should take steps to avoid data breaches, the testimony states. In addition to taking steps to avoid such breaches, government agencies also should have response plans in place should a breach occur. Such a plan would help an agency determine whether to notify consumers of the breach; what the notification should say; which third parties, if any should be notified; and whether to offer credit monitoring to people whose records may have been compromised.
The Commission vote to approve the testimony was 5-0.