Ironically, yesterday the Federal Trade Commission, the federal agency tasked with the responsibility for investigating and prosecuting incidents of identity theft, issued a press release admitting that two of its laptop computers had been stolen exposing approximately 110 people to the prospect of identity theft. I thought that by publicly admitting that the incident occurred and providing a minor credit card monitoring remedy to prospective victims, the Federal Trade Commission acted somewhat properly. However, in my opinion, once confidential information falls in the hands of criminals, if the criminals know about the existence of such information, data and identity crime almost invariably will occur. For this reason, the Federal Trade Commission did not go far enough to protect the prospective victims of this theft. I am not alone with this perspective.
At a hearing yesterday in the United States House of Representatives Committee on Veterans Affairs, commenting on recent data theft from the Veterans Affairs Department, Committee Chairman Steve Buyer (R. Indiana) suggested that credit monitoring alone was not an appropriate remedy to address the needs of veterans who may become victims of identity theft. In fact, Chairman Buyer suggested that both credit monitoring and insurance are necessary to
“craft a product that places veterans in assurance that they won’t have an out-of-pocket loss.”
Data theft has occurred recently at the Federal Trade Commission, the Veterans Affairs Department, the United States Department of Health and Human Services, the United States Department of Energy, and the United States Department of Agriculture to name a few. I believe that the both monitoring and insurance remedies are absolutely essential to ensure victims of each and every one of these incidents that they will not face identity theft problems through no fault of their own. For that matter, if credit monitoring alone does not provide a sufficient remedy to victims of government adminstered programs, in my opinion, then such remedies alone will not provide sufficient remedies to victims of identity theft in the private sector. The same protections suggested at yesterday’s hearing should certainly be made available to victims of identity theft in the private sector. What do you think?