When he was a master identity thief in the 1960s, Frank Abagnale said he used to make his own fraudulent ID cards and forge checks, according to his interview with Infomation Week. Immortalized in the critically acclaimed film "Catch Me If You Can," Abagnale later turned his life around and became a respected anti-fraud expert. Now he is warning that lack of action from leaders in the federal government may be endangering consumer information because it has become easier to steal data today.
State laws have typically governed how businesses notify consumers about data breaches. California has some of the strictest cybersecurity and privacy laws in the nation, recently passing the kill switch law to install remote-locking capabilities on phones and the eraser button law, allowing younger Internet users to remove embarrassing photos on social media sites. While states have had some success in guarding against cyberattacks and maintaining consumer privacy, some have criticized the federal government for not being as active in protecting consumers from identity theft and other data-related crimes.
Abagnale said federal government agencies have not been leaders in securing consumer information as they should. He gave the example of having to convince the U.S. Internal Revenue Service not to display Social Security numbers on tax return mailing labels. Identity thieves have been known to steal mail right out of mail boxes to access consumers' valuable information.
Flaws in Government's Handling of Taxpayer Data
Abagnale does have a point that government agencies and leaders should step up their fight against identity theft after a government watchdog earlier this year called the IRS "an institution in crisis," according to a February blog by CyberScout.
A recent report said there were also flaws pointed out in the agency's handling of taxpayer data. The report said the IRS does not ensure that personnel who process consumer information have had background checks, which may put this data at risk for theft, according to an audit by the Treasury Inspector General for Tax Administration (TIGTA).
Recently, the federal government has shown signs it is willing to improve its leadership regarding data security, most notably by calling for a federal law to standardize data breach notifications. While there support for this legislation has been growing, some believe the government may not be able to finalize this type of law, Business Insurance reported.
"I'm not sure when, or whether, the federal government will want to jump into this particular thicket," said Lori S. Nugent, a partner with law firm Wilson Elser Moskowitz Edelman & Dicker L.L.P, in reference to a federal data breach notification law, according to Business Insurance.
With the IRS working to improve its internal processes and ramp up prosecutions of identity theft crimes, it might be a matter of when - instead of if - consumers will see results from increased protections from cyberattackers and identity thieves.