A task force named by President Bush to study identity theft has made recommendations on measures that can be implemented immediately, U.S. Attorney General Alberto R. Gonzales and Federal Trade Commission Chairman Deborah Platt Majoras said.
"As with any crime, victims of identity theft suffer feelings of violation and stress, but in these cases, victims have the added burden of cleaning up the mess that the identity thieves leave behind," said Attorney General Gonzales.
The task force consists of 17 17 federal agencies and departments and will deliver a final plan in November.
The interim recommendations include:
• Development of Universal Police Report for Identity Theft Victims: To ensure that identity theft victims have easy access to police reports documenting the misuse of their personal information -- which are necessary in order for the victims to, for example, request that fraudulent information on their credit report be blocked, or to obtain a seven-year fraud alert on their credit file -- the Task Force recommends the development of a "universal police report" that an identity theft victim can complete online, print and take to a local law enforcement agency for verification and incorporation into the police department's report system.
• Extending Restitution for Victims of Identity Theft: To allow identity theft victims to recover for the value of the time that they spend attempting to make themselves whole for example, the hours spent disputing fraudulent accounts with creditors that may be compromised or spent correcting credit reports -- the Task Force recommends that Congress amend the criminal restitution statutes to require that defendants pay identity theft victims for the value of their lost time.
• Reducing Access of Identity Thieves to Social Security Numbers: In order to limit the unnecessary use in the public sector of Social Security Numbers (SSNs) -- which are the most valuable pieces of consumer information for identity thieves -- the Task Force recommends the following:
- The Office of Personnel Management (OPM) should accelerate its review of the use of SSNs, and take steps to eliminate, restrict or conceal their use, including assignment of employee identification numbers where practicable.
- OPM should develop and issue policy guidance to the federal human capital management community on the appropriate and inappropriate use of an employee's SSN in employee records, including the appropriate way to restrict, conceal and/or mask SSNs in employee records and human resource management information systems.
- OMB should require all federal agencies to review their use of SSNs to determine where such use can be eliminated, restricted or concealed in agency business processes, systems and paper and electronic forms.
• Developing Alternative Methods of "Authenticating" Identities: The Task Force recommends that agencies gather together academics, industry experts and entrepreneurs who are exploring ways to encourage greater development and use of authentication systems, and hold a workshop or workshops focused on developing and promoting improved means of authenticating the identities of individuals.
• Improving Data Security in the Government: To ensure that government agencies improve their data security programs, the Task Force recommends that OMB and the Department of Homeland Security (DHS), through the interagency effort already underway to identify ways to strengthen the ability of all agencies to identify and defend against threats, correct vulnerabilities, and manage risks: (a) outline best practices in the areas of automated tools, training, processes, and standards that would enable agencies to improve their security and privacy programs, and (b) develop a list of the top 10 or 20 "mistakes" to avoid in order to protect government information.
• Improving Agencies' Ability to Respond to Data Breaches in the Government: In order to allow agencies to quickly respond to any data breaches, including by sharing information about those who may be affected with other agencies and entities that can assist in the response to the breach, all federal agencies should publish a "routine use" for their systems of records under the Privacy Act that would allow for the disclosure of such information in the course of responding to a breach of federal data.
