White House ID Theft Task Force Issues Interim Recommendations

President Bush's Identity Theft Task Force has released its interim recommendations. Comprised of 17 federal agencies and departments, the nation's first-ever Identity Theft Task Force was created as a result of the President's May 10 Executive Order.

"The President created the Identity Theft Task Force to oversee the implementation of real and practical solutions at the federal level to defeat this ongoing intrusion into the lives of law-abiding Americans," said Attorney General Alberto Gonzales.

The final plan will be released in November.

The Task Force's Seven Interim Recommendations

   1. Directing the Office of Management and Budget to issue guidance to federal agencies on how to handle data breaches.
   2. Strengthening data security in the government.
   3. Accelerating and broadening the review of where Social Security numbers are used by agencies.
   4. Establishing a new "routine use" by which agencies would be allowed to share information otherwise restricted by the Privacy Act to facilitate responding to a data breach.
   5. Holding workshops for academics and businesses to develop better methods to authenticate identities.
   6. Amending criminal statutes to allow identity theft victims to seek restitution from defendants for time spent undoing damage from the offense.
   7. Developing a universal police report to make it  easier to report identity theft and enter it into  existing systems.

Nine Founding Partners Join ANSI and BBB to Form Identity Theft Prevention and Identity Management Standards Panel

The American National Standards Institute (ANSI) and the Better Business Bureau (BBB) recently announced a cross-sector team partnership to prevent and respond to identity theft and fraud through a single resource of standards and guidelines. The nine founding, high-profile partners are: AT&T, Citi, ChoicePoint, Dell Inc., Intersections Inc., Microsoft, Staples Inc., TransUnion and Visa U.S.A.

As reported in the group's news release, this "initiative leverages ANSI's unique expertise as coordinator of the U.S. standards and conformity assessment system with BBB's extensive experience in advancing trust in the marketplace." The panel has set an aggressive timetable of 12-18 months to produce a comprehensive, cross-sector set of requirements and best practices to help any organization protect the confidential personal data of employees and customers.

The panel also seeks the involvement of standards development organizations, trade and professional associations, government agencies, consumer groups, organized labor, academia and other interested groups.

More information is available at

Australian, New Zealand Privacy Chiefs Collaborate on Privacy

The Australian and New Zealand Privacy Commissioners have signed an agreement to allow for cooperation between their offices on privacy-related issues, including cross-border complaints and joint investigations. This agreement fosters cooperative agreements as set forth in the APEC Privacy Framework, OECD Guidelines Governing the Protection and Transborder Flows of Personal Data, and the Asia Pacific Privacy Authorities Forum.

"The agreement will cement the already close ties between our Offices and tackling emerging privacy challenges and will enhance the management of cross-border cases," said Karen Curtis, Australian Privacy Commissioner.

Marie Shroff, New Zealand Privacy Commissioner, added, "The agreement will provide our Offices with a broader framework and base of resources, affording Australians and New Zealanders an ongoing high level of privacy protection."

Study Finds Canadian Privacy Laws Are Working

Canada NewsWire cites the new 2006 Nymity Trends in Transparency Report as a testament to corporate Canada's compliance with privacy law requirements to protect personal information.

The report identifies key improvements, including more comprehensive privacy policies that average six pages in length and contain specific privacy practices to aid readability and consumer decision-making. Most organizations have dedicated Canadian privacy policies that address all corporate operations and third-party transfers.

Jennifer Stoddart, Privacy Commissioner of Canada, said, "I hope that this report will help raise awareness among organizations about the importance of having sound privacy policies and practices in place to protect their customers' personal information."

Gregory Garcia Appointed First DHS Cybersecurity Czar

Homeland Security Secretary Michael Chertoff has appointed Gregory Garcia to serve as the agency's first Assistant Secretary for Cybersecurity and Telecommunications.

Garcia joins the Department of Homeland  Security from the Information Technology Association of America, where he was Vice President for Information Security Policy and Programs. In that role, Garcia led the public debate on cybersecurity policy and national cyber readiness. He has worked closely with the department over the past few years in his role on the IT Sector Coordinating Council. He also worked with industry to found the National Cyber Security Partnership.

Garcia also helped to draft and enact the Cyber Security Research and Development Act of 2002 during his tenure with the U.S. House of Representatives Committee on Science. He also has worked to strengthen encryption control regulations during his tenure with the Americans for Computer Privacy. Garcia also was involved with the international trade and IT policy at the Americans Electronics Association.

"I am gratified that Greg will join the department as the first Assistant Secretary of Cyber Security and Telecommunications, and I look forward to his many contributions that will advance the important progress that has already been made in this area," Chertoff said in a statement.

Zoe Strickland Joins Wal-Mart as the Company's First CPO

Formerly with the U.S. Postal Service as its first CPO, Zoe Strickland, CIPP/G, recently joined Wal-Mart Headquarters as the retail giant's first Vice President, Chief Privacy Officer. In this new role, Strickland holds domestic and global responsibility for developing a privacy program and integrating all privacy policies and procedures for Wal-Mart and Sam's Club.

Strickland joined the USPS in 2001. She was responsible for privacy program development, and previously practiced privacy and records law. An active participant in the privacy
community, Strickland also serves on the Board of Directors of the IAPP.

Bank of America, JP Morgan Chase, Washington Mutual Receive Recognition as Highest-Rated Consumer ID Theft Protectors

Javelin Strategy & Research released the results of its Banking Identity Safety Scorecard in San Francisco at the Identity Theft and Fraud Symposium sponsored by American Banker. Twenty-four of the country's top financial institutions, which collectively hold more than 60 percent of the nationwide banking market, were rated on their ability to prevent, detect and resolve consumer ID theft in partnership with customers.

The highest overall ranking recognition went to Bank of America, closely followed by JP Morgan Chase and Washington Mutual. Marshall & Ilsley Bank received top honors for prevention, representing the most weighted category in the evaluation. A category award for detection also was awarded to JP Morgan, with Washington Mutual receiving the resolution award. An honorable mention award for overall strength across all the categories went to KeyBank, while Citibank was acknowledged for its email policies to avoid phishing.

"This is the third year of our study, and financial institutions have improved significantly in giving consumers the tools they need to detect fraud on their own," said James Van Dyke, President of Javelin Strategy & Research. "Prevention is the next area in which financial institutions should focus their efforts. Overall, the industry must accomplish more in this area. We found that financial institutions focus more on resolving problems after they occur rather than stopping them up front."

With regard to regulatory compliance, the report extends a clear warning.

"With the end-of-the-year deadline looming for FFIEC (Federal Financial Institutions Examination Council) remote authentication compliance, we found that only one institution has fully implemented a solution," Van Dyke said. "Financial institutions, as a whole, have not yet taken the necessary steps to conform to the new guidelines. The next few months will be a critical time period as financial institutions need to focus their attention and research efforts on prevention methods to conform to this federal mandate."

Maxamine, TRUSTe Announce Strategic Alliance

Maxamine and TRUSTe have partnered to provide unprecedented levels of privacy assurance with solutions optimized for today's increasingly sophisticated, dynamic and rapidly growing Web environments. The result of this alliance will effectively automate much of the privacy compliance monitoring of the more than 2,400 TRUSTe-certified Web sites, according to the news release announcing the effort.

The two companies will initially use PrivacyMAX, the privacy compliance suite from Maxamine's high-performance site analytics solution, to automate TRUSTe's Web site privacy compliance audits. This alliance also strengthens the collaboration to benefit customers with solutions that help them with self-governance, self-assessment and standards compliance to improve overall Web site implementation quality.

 "Ensuring the integrity of sealholders' privacy practices on an ongoing basis is vital to TRUSTe's mission of building trust between consumers and organizations online," said John Tomaszewski, vice president of Legal, Policy and Compliance for TRUSTe.

Dana Rosenfeld Named Privacy Ombudsman for Tower Records Bankruptcy Case

Dana Rosenfeld, former assistant director of the FTC's Bureau of Consumer Protection and now counsel with Bryan Cave LLP, will serve as the consumer privacy ombudsman for the Tower Records Chapter 11 case.

Rosenfeld, the second person to hold the ombudsman role in bankruptcy court, will be required to provide a report analyzing Tower's privacy policy as it pertains to the transfer of customers' personal information to a third party. Rosenfeld's report also will recommend whether Tower's customer information may or may not be transferred to a new purchaser.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»