Editing Identity theft (section)

== Identity protection by organizations ==
In their May 1998 testimony before the United States Senate, the [[Federal Trade Commission]] (FTC) discussed the sale of Social Security numbers and other personal identifiers by credit-raters and data miners. The FTC agreed to the industry's self-regulating principles restricting access to information on credit reports.<ref>{{cite web |url=http://www.ftc.gov/os/1998/05/identhef.htm |title=Testimony before the Subcommittee on Technology, Terrorism and Government Information |url-status=dead |archive-url=https://archive.today/20120801/http://www.ftc.gov/os/1998/05/identhef.htm |archive-date=1 August 2012 }}, Committee of the Judiciary, United States Senate 20 May 1998 pp 5,6</ref> According to the industry, the restrictions vary according to the category of customer. Credit reporting agencies gather and disclose personal and credit information to a wide business client base.

Poor stewardship of personal data by organizations, resulting in unauthorized access to sensitive data, can expose individuals to the risk of identity theft. The Privacy Rights Clearinghouse has documented over 900 individual data breaches by US companies and government agencies since January 2005, which together have involved over 200 million total records containing sensitive personal information, many containing social security numbers.<ref>{{Cite web|url=http://www.privacyrights.org/ar/ChronDataBreaches.htm|archive-url=https://web.archive.org/web/20100613183200/http://www.privacyrights.org/ar/ChronDataBreaches.htm|url-status=dead|title=A Chronology of Data Breaches<!-- Bot generated title -->|archive-date=13 June 2010}}</ref> Poor corporate diligence standards which can result in data breaches include:
* failure to shred confidential information before throwing it into dumpsters
* failure to ensure adequate [[network security]]
* credit card numbers stolen by [[call center]] agents and people with access to call recordings
* the theft of laptop computers or portable media being carried off-site containing vast amounts of personal information. The use of strong [[encryption]] on these devices can reduce the chance of data being misused should a criminal obtain them.
* the brokerage of personal information to other businesses without ensuring that the purchaser maintains adequate security controls
* Failure of governments, when registering sole proprietorships, partnerships, and corporations, to determine if the officers listed in the Articles of Incorporation are who they say they are. This potentially allows criminals access to personal information through [[credit rating]] and [[data mining]] services.

The failure of corporate or government organizations to protect [[consumer privacy]], [[client confidentiality]] and [[political privacy]] has been criticized for facilitating the acquisition of personal identifiers by criminals.<ref>[http://www.siia.net/software/pubs/iit-00.pdf Internet Identity Theft - A Tragedy for Victims] {{webarchive |url=https://web.archive.org/web/20110422192157/http://www.siia.net/software/pubs/iit-00.pdf |date=22 April 2011 }}, [[Software and Information Industry Association]]. Retrieved 30 June 2006.</ref>

Using various types of [[biometric]] information, such as [[fingerprint]]s, for identification and authentication has been cited as a way to thwart identity thieves, however, there are technological limitations and privacy concerns associated with these methods as well.