Such data breaches have been announced by some of the country’s well known banks, entertainment companies, telecommunications providers, and universities. And this proves that such breaches can occur at even the most security conscious and diligent companies. The public is learning about security breaches today largely due to California’s Breach Disclosure Law (SB 1386), which went into effect July 2003 and requires companies, with customers who live in California, to make notification if their personally identifiable financial information may have been accessed without authorization. Expect more security breach disclosures when a federal law similar to SB 1386 becomes law.

The human-toll of identity theft on individuals is severe. According to the Identity Theft Resource Center it takes the average victim about 600 hours to prove their identity was stolen and clean their credit reports. And it can be years before most victims attain their financial health. Many victims of identity theft run into trouble getting mortgages, car loans, credit lines, and even employment with a tarnished credit report. In 2003, the Identity Theft Resource Center surveyed 173 identity-theft victims and learned that 4 percent of victims discovered their identities where stolen when they were arrested for crimes committed in their “name.”

Those statistics are even more alarming when one considers that in 2004, the Federal Trade Commission said 635,173 identity theft related complaints were reported. That figure is considerably higher than the 403,688 filed complaints in 2002. It’s no surprise consumers are losing trust in E-commerce and how carefully organizations protect their private information. Gartner says 1 in 20 adults are likely to become victims of some form of identity theft.

It’s not just consumers that are losing. According to a survey conducted by the Chamber of Commerce, PricewaterhouseCoopers, and ASIS International, businesses lost between $53 billion and $59 billion between July 1, 2000 and June 30, 2001 due to the theft of their intellectual property.


Set the regulatory demands on information security aside – Basel II, European Union Data Protection Directives, GLBA, HIPPA, SB 1386, and Sarbanes-Oxley – as customers become increasingly security and privacy savvy, sound security policies and trust will increasingly become a competitive differentiator. Gartner predicts that if Internet-based security threats aren’t mitigated, the robust 20 percent annual E-commerce growth rates will be slashed to 10 percent or less within the next two years.

While the myriad of regulations do not dictate what security technologies companies need to set in place, they all demand that business and customer data are adequately guarded.

While it is not possible to eliminate risk, clearly more needs to be done by organizations to reach a higher level of security to protect their intellectual property and their customers’ personally identifiable information. The level of diligence organizations place on securing their business-technology systems simply isn’t high enough – and is one of the primary reasons identity theft cases are soaring. Organizations need to re-evaluate their approach to information security, consider new tactics for protecting digital assets and, most importantly, the trust of their suppliers, partners, shareholders, and customers.

Organizations Need to Get Back to Basics