NCJ Number
207289
Journal
Journal of Financial Crime Volume: 12 Issue: 1 Dated: August 2004 Pages: 33-43
Date Published
August 2004
Length
11 pages
Annotation
This paper discusses an organization's responsibilities in mitigating opportunities for identity theft, and it presents guidelines for implementing and assessing controls that address the risk for identity theft.
Abstract
"Identity theft" is defined as "the criminal act of assuming the identity of another person with the expectation of gain." In addressing the prevention of identity theft, this paper focuses on organizations that collect, assemble, process, store, and retrieve information about individuals. Attention is given to the legal and moral responsibilities, risks, and related internal controls in the management of personal information on an organization's customers, employees, and other stakeholders. Following the documentation of identity theft as one of the most pervasive of the financial crimes, the authors outline some of the methods used to commit identity theft. A section then reviews selected laws that apply to identity theft. A discussion of civil liability for identity theft notes that victims are increasingly targeting third parties, including employers and other record-keepers, for failure to protect victims' personal information. It is therefore imperative that organizations which manage personal information evaluate their risks and controls for identity theft. Guidelines for enhancing manual controls recommend controlling the paper trail and destroying outdated records. Employee controls suggested are the institution of effective background checks, mandatory vacations, establishment of a hotline, and the development and enforcement of an information security and privacy policy. Computer controls include the prevention of unauthorized access, keeping identity data confidential, and controlling electronic data storage. Finally, the authors advise organizations to consider insurance as a risk-management tool. 64 references