Poor Identity Management

I believe poor identity management leads to many undesired consequences including identity theft potentially causing privacy and regulatory violations as well as identity fraud. I think these negative consequences should not be taken lightly as not only they can take years to correct, but also some companies may never even recover from such security breach incidents. I have in the past discussed the motivation of those who steal personal information for personal gains, however, we have less of a control over what others plan and do. On the other hand, we have more control over our own actions and the way we plan for and protect the identities of our clients, employees and family members. As I’ve said before, identity theft is an old business and it has just evolved over the years as our society has evolved. In particular, the Internet, many new and improved consumer products, and aggressive marketing strategies have led to rapid accumulation and distribution of personal information as ever before. All of this happens while as a society, we lack the basic understating of the risks, best solutions, our obligations as well as our rights. There is a big disconnect between businesses and consumers and while web sites such as this one attempt to bridge the gap to some extent, businesses must take responsibility and help consumers become more aware and conscious about the risks and the way they manage their identity components. Take credit card and mortgage products for example; we were bombarded by and accepted all kinds of credit card and mortgage refinance offers for years until our financial and credit systems collapsed. Every one is responsible for the mess that we’re in and don’t expect our poor identity management practices and their undesired consequences to get better any time soon. Businesses and consumers don’t seem to learn from the mistakes of the past; for example companies continue to ignore incidents especially external incidents which have less impact on their organizations, and consumers continue to abuse their identities, especially online while thinking identity theft just happens to others. Although, every one seems to be somewhat responsible for the growing problem of identity theft, businesses are best positioned to lead consumers as well as their organizations and industry peers in improving poor identity management practices.

Businesses should educate their customers and employees on ways to reduce the identity risks in relation to the personal information that they collect or products that they promote and sell to consumers. Not only businesses should help reduce identity theft for the society, but they should do this for their own sake. Here’s why; the long term cost of identity theft and its consequences is much more than the cost and benefits of identity theft reduction efforts and, the mistakes of a few can lead to long term consequences costing even more. For example, the unethical practices of a few businesses and their independent auditors who instead of protecting shareholders manipulated and reported false financial information, destroyed their companies, eliminated consumer trust and subsequently led to the establishment of the Sarbanes Oxley regulations. I predict that poor identity management practices will also lead to serious security incidents, improved and national regulations similar to SOX as well as more frequent government audits. If you are a chief executive officer in an industry that deals with millions of consumer information daily, you should schedule an emergency meeting and invite your corporate lawyers, ethics officer, chief information security officer, chief privacy officer and internal auditor to discuss how to identify and improve poor identity management practices as soon as possible to avoid class action lawsuits which are going to increase in the next few years. And by the way, if you haven’t assigned individuals to such corporate governance positions, you should assign them as soon as possible. Many companies have been negligent for too long and it’s just a matter of time before the poor identity management of a few negligent companies lead to more regulations, more lawsuits, collapse of their peer companies and increased costs. As such, I suggest industry leaders, business management and shareholders force these negligent companies to become more responsible for the sake of everyone else. On the other hand if you are a consumer, grab a chair, make some coffee and get ready to witness and participate in major upcoming lawsuits and trials of corporate executive who have been negligent in protecting the personal information of their customers.

Visit IdentityMate to learn about ways to improve poor identity management practices.

Identity Protection Insights Newsletter

Effective identity protection requires dynamic and integrated solutions. This site provides awareness, education and many solutions to address the growing problem of identity theft. Please sign up for the Identity Protection Insights newsletter to receive periodic notification of important articles and solutions, major identity theft news analysis, fraud alerts, and other service announcements.

Enter your E-mail Address
Enter your First Name (optional)
Then

Don't worry — your e-mail address is totally secure.
I promise to use it only to send you Identity Management Journal.