IS COMPREHENSIVE FEDERAL DATA SECURITY LEGISLATION NECESSARY TO PROTECT U.S. BUSINESSES, CONSUMERS AND THE GOVERNMENT FROM IDENTITY THEFT AND OTHER CRIMES?
Embargo until
Date
2008-06-04T19:19:59Z
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Johns Hopkins University
Abstract
This thesis reviews the growing problem of identity theft and fraud that result
from the misuse of stolen personal data, and seeks to determine whether or not
comprehensive federal legislation is necessary to protect U.S. businesses, consumers and
government from identity theft and other crimes. This thesis outlines the different ways
identity theft can occur, the different risk levels associated with breaches, and who
identity theft affects and how. This thesis explores existing laws and safeguards and their
effectiveness in protecting financial institutions, business entities, education
establishments, the federal government, and consumers from identity theft crimes and the
theft of sensitive personal information.
This thesis addresses two schools of thought: 1) the data security status quo is
sufficient, and 2) data security should be more highly regulated at a federal level. In
doing so, it analyzes pending federal data security legislation and the potential for
movement in the 110th Congress. Lastly, this thesis reviews emerging technologies and
how they relate to the growing threat of identity theft.
This thesis finds that a national standard for data security breach notification,
credit freeze policy, and social security number safeguards would be beneficial because
of confusing state laws. However, this thesis guardedly recommends a national standard
since the private sector has relatively strict data security regulations and compliance
standards in place, and during the political process, pre-emptive federal legislation could
end up creating unnecessary mandates for the private sector, and with ever-increasing
criminal technologies, it will be virtually impossible to thwart identity theft criminals’
attacks one hundred percent of the time. This thesis finds cybersecurity to be a more imminent threat than identity theft
and recommends that federal lawmakers address cybercrime before basic data security
standards. Cyber criminals are becoming more organized, and with emerging
technologies, the anonymity of the Internet, and use of the Internet as a sharing tool,
cyber criminals pose a real threat to U.S. national security. Coupled with deficient
information security standards at the majority of U.S. federal agencies, the threat of a
large scale cyber attack on U.S. infrastructure is imminent and must be addressed first
and foremost.