By Doug Pollack, Chief Marketing Officer for ID Experts:
Because data breaches have become such commonplace incidents, there is concern that people have become desensitized to the potential harm they face upon receiving a notification letter from an organization informing them that sensitive information has been lost or misappropriated.
A recently published report from Javelin Strategies should be a wake up call to those people.
The Javelin report, Data Breach Notifications: Victims Face Four Times Higher Risk of Fraud, is based on multiple years of data and includes updates on 2009 data breaches, implications of changes to the legislative landscape and the technical means by which data breaches occur.
This report should also be heeded by those banks, healthcare organizations, government agencies, insurance companies and others that we entrust with our social security and checking account numbers, birthdates and mothers’ maiden names, and in some cases our personal health information.
Primary Questions
- Is there a link between data breach notification letters and identity fraud?
- Are data breach notification letters working?
- In the face of escalating data breaches, what should financial institutions and other companies do to protect brands and customer loyalty?
- How do victims respond to breach notification, and how does this impact their relationship with their financial institution?
- Are paper or electronic records most vulnerable?
- How are criminals obtaining data records?
There is now proof that data breach incidents put the affected individuals in harms way.
This report is mainly based on consumer data collected from Javelin’s annual Identity Fraud Survey. The survey is conducted each year using computer-assisted telephone interviewing (CATI) via random-digit dialing from 4,784 respondents in October 2008, 5,075 respondents in October 2007, and 5,000 respondents in October 2006. The surveys targeted respondents based on representative proportions of gender, age and income compared to the overall U.S. online population.
Some data also came from Dataloss.db.org, an open community research project that documents known and reported data loss incidents worldwide. Some data also came from the Identity Theft Resource Center, a non-profit organization that compiles information about public data breaches to help understand and prevent identity theft.
The responsibility for doing everything possible to help these people address this harm — from identifying identity fraud to cleaning up the fraud — should fall squarely on the laps of the entrusted organizations.
—
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com