ScreenDiscussion

Blogging background checking and security issues

4.04.2005

The Identity Theft Dilemma

Emergent Chaos has a good post on Identity Theft. In it he states,
Stop asking for social security numbers. If you can't stop asking, stop storing them. If you can't stop storing them, store them on an isolated database with tightly restricted access…Get back to basics, and ask how your organization can respect your customers, rather than putting them at risk.

I’ve mentioned it before, but I think there are two sides to avoiding identity theft. One is reactive and one is proactive. Among other things, the reactive side includes making new legislation that allows for harsher punishment of those who engage in identity theft and frequent technology "fixes" for existing security holes.

The proactive side, as mentioned on Emergent Chaos, is to take steps in the first place to prevent sensitive personal information from being stored somewhere vulnerable. Minimize the distribution of personal data. Do all these companies that ask for Social Security Numbers really need them? I think this is a good question to ask.

The obvious downside to this is that yes, some of these companies really do need sensitive, personal information in order to provide the consumer with a necessary service. For example, the three key identifiers needed by a company performing a background check are name, date of birth and Social Security Number. Additional identifiers are sometimes available, but these are the core three. Without these, the accuracy of the results of the background check is questionable. The dilemma that a job applicant faces is that failure to provide this information to an employment screening company for a background check could result in the loss of a job. In the wrong hands, this is enough information to wreak havoc on someone’s personal life.

It’s a lose-lose situation for the applicant since we know that companies that do background checks don’t always properly safeguard their data. A person applies for a job and has to provide sensitive personal information in order to get the job, but providing the information potentially opens the door to identity theft.

What real solutions are there? A job applicant has no control over the company used by an employer to conduct background checks. It’s all up to the employer, so the applicant has to hope that the employer chose a responsible company. An employer could more easily choose an employment screening company if there were standards that existed to regulate the use of personal data. For example, not all employment screening companies sell access to their database. Companies that adhered to established standards would stand out from the crowd and the job applicant might feel a little safer about providing personal information.

Another solution would be for the government’s public records systems to utilize less "stealable" methods of personal identification. Fingerprinting is a viable option that’s been used for years by the government and is now slowly making its way into the public sector.

I’m sure there are a number of additional perspectives that could be discussed here, but I think this is the key issue for consumers regarding identity theft. The distribution of personal data can, and probably should, be limited more than it currently is, but this is only viable to a certain degree given the current state of our society.
