White House ID Theft Task Force Issues Interim Recommendations

President Bush's Identity Theft Task Force has released its interim recommendations. Comprised of 17 federal agencies and departments, the nation's first-ever Identity Theft Task Force was created as a result of the President's May 10 Executive Order.

"The President created the Identity Theft Task Force to oversee the implementation of real and practical solutions at the federal level to defeat this ongoing intrusion into the lives of law-abiding Americans," said Attorney General Alberto Gonzales.

The final plan will be released in November.

The Task Force's Seven Interim Recommendations

   1. Directing the Office of Management and Budget to issue guidance to federal agencies on how to handle data breaches.
   2. Strengthening data security in the government.
   3. Accelerating and broadening the review of where Social Security numbers are used by agencies.
   4. Establishing a new "routine use" by which agencies would be allowed to share information otherwise restricted by the Privacy Act to facilitate responding to a data breach.
   5. Holding workshops for academics and businesses to develop better methods to authenticate identities.
   6. Amending criminal statutes to allow identity theft victims to seek restitution from defendants for time spent undoing damage from the offense.
   7. Developing a universal police report to make it  easier to report identity theft and enter it into  existing systems.

Nine Founding Partners Join ANSI and BBB to Form Identity Theft Prevention and Identity Management Standards Panel

The American National Standards Institute (ANSI) and the Better Business Bureau (BBB) recently announced a cross-sector team partnership to prevent and respond to identity theft and fraud through a single resource of standards and guidelines. The nine founding, high-profile partners are: AT&T, Citi, ChoicePoint, Dell Inc., Intersections Inc., Microsoft, Staples Inc., TransUnion and Visa U.S.A.

As reported in the group's news release, this "initiative leverages ANSI's unique expertise as coordinator of the U.S. standards and conformity assessment system with BBB's extensive experience in advancing trust in the marketplace." The panel has set an aggressive timetable of 12-18 months to produce a comprehensive, cross-sector set of requirements and best practices to help any organization protect the confidential personal data of employees and customers.

The panel also seeks the involvement of standards development organizations, trade and professional associations, government agencies, consumer groups, organized labor, academia and other interested groups.

More information is available at www.ansi.org/idsp.

Australian, New Zealand Privacy Chiefs Collaborate on Privacy

The Australian and New Zealand Privacy Commissioners have signed an agreement to allow for cooperation between their offices on privacy-related issues, including cross-border complaints and joint investigations. This agreement fosters cooperative agreements as set forth in the APEC Privacy Framework, OECD Guidelines Governing the Protection and Transborder Flows of Personal Data, and the Asia Pacific Privacy Authorities Forum.

"The agreement will cement the already close ties between our Offices and tackling emerging privacy challenges and will enhance the management of cross-border cases," said Karen Curtis, Australian Privacy Commissioner.

Marie Shroff, New Zealand Privacy Commissioner, added, "The agreement will provide our Offices with a broader framework and base of resources, affording Australians and New Zealanders an ongoing high level of privacy protection."

Study Finds Canadian Privacy Laws Are Working

Canada NewsWire cites the new 2006 Nymity Trends in Transparency Report as a testament to corporate Canada's compliance with privacy law requirements to protect personal information.

The report identifies key improvements, including more comprehensive privacy policies that average six pages in length and contain specific privacy practices to aid readability and consumer decision-making. Most organizations have dedicated Canadian privacy policies that address all corporate operations and third-party transfers.

Jennifer Stoddart, Privacy Commissioner of Canada, said, "I hope that this report will help raise awareness among organizations about the importance of having sound privacy policies and practices in place to protect their customers' personal information."

Gregory Garcia Appointed First DHS Cybersecurity Czar

Homeland Security Secretary Michael Chertoff has appointed Gregory Garcia to serve as the agency's first Assistant Secretary for Cybersecurity and Telecommunications.

Garcia joins the Department of Homeland  Security from the Information Technology Association of America, where he was Vice President for Information Security Policy and Programs. In that role, Garcia led the public debate on cybersecurity policy and national cyber readiness. He has worked closely with the department over the past few years in his role on the IT Sector Coordinating Council. He also worked with industry to found the National Cyber Security Partnership.

Garcia also helped to draft and enact the Cyber Security Research and Development Act of 2002 during his tenure with the U.S. House of Representatives Committee on Science. He also has worked to strengthen encryption control regulations during his tenure with the Americans for Computer Privacy. Garcia also was involved with the international trade and IT policy at the Americans Electronics Association.

"I am gratified that Greg will join the department as the first Assistant Secretary of Cyber Security and Telecommunications, and I look forward to his many contributions that will advance the important progress that has already been made in this area," Chertoff said in a statement.

Zoe Strickland Joins Wal-Mart as the Company's First CPO

Formerly with the U.S. Postal Service as its first CPO, Zoe Strickland, CIPP/G, recently joined Wal-Mart Headquarters as the retail giant's first Vice President, Chief Privacy Officer. In this new role, Strickland holds domestic and global responsibility for developing a privacy program and integrating all privacy policies and procedures for Wal-Mart and Sam's Club.

Strickland joined the USPS in 2001. She was responsible for privacy program development, and previously practiced privacy and records law. An active participant in the privacy
community, Strickland also serves on the Board of Directors of the IAPP.

Bank of America, JP Morgan Chase, Washington Mutual Receive Recognition as Highest-Rated Consumer ID Theft Protectors

Javelin Strategy & Research released the results of its Banking Identity Safety Scorecard in San Francisco at the Identity Theft and Fraud Symposium sponsored by American Banker. Twenty-four of the country's top financial institutions, which collectively hold more than 60 percent of the nationwide banking market, were rated on their ability to prevent, detect and resolve consumer ID theft in partnership with customers.

The highest overall ranking recognition went to Bank of America, closely followed by JP Morgan Chase and Washington Mutual. Marshall & Ilsley Bank received top honors for prevention, representing the most weighted category in the evaluation. A category award for detection also was awarded to JP Morgan, with Washington Mutual receiving the resolution award. An honorable mention award for overall strength across all the categories went to KeyBank, while Citibank was acknowledged for its email policies to avoid phishing.

"This is the third year of our study, and financial institutions have improved significantly in giving consumers the tools they need to detect fraud on their own," said James Van Dyke, President of Javelin Strategy & Research. "Prevention is the next area in which financial institutions should focus their efforts. Overall, the industry must accomplish more in this area. We found that financial institutions focus more on resolving problems after they occur rather than stopping them up front."

With regard to regulatory compliance, the report extends a clear warning.

"With the end-of-the-year deadline looming for FFIEC (Federal Financial Institutions Examination Council) remote authentication compliance, we found that only one institution has fully implemented a solution," Van Dyke said. "Financial institutions, as a whole, have not yet taken the necessary steps to conform to the new guidelines. The next few months will be a critical time period as financial institutions need to focus their attention and research efforts on prevention methods to conform to this federal mandate."

Maxamine, TRUSTe Announce Strategic Alliance

Maxamine and TRUSTe have partnered to provide unprecedented levels of privacy assurance with solutions optimized for today's increasingly sophisticated, dynamic and rapidly growing Web environments. The result of this alliance will effectively automate much of the privacy compliance monitoring of the more than 2,400 TRUSTe-certified Web sites, according to the news release announcing the effort.

The two companies will initially use PrivacyMAX, the privacy compliance suite from Maxamine's high-performance site analytics solution, to automate TRUSTe's Web site privacy compliance audits. This alliance also strengthens the collaboration to benefit customers with solutions that help them with self-governance, self-assessment and standards compliance to improve overall Web site implementation quality.

 "Ensuring the integrity of sealholders' privacy practices on an ongoing basis is vital to TRUSTe's mission of building trust between consumers and organizations online," said John Tomaszewski, vice president of Legal, Policy and Compliance for TRUSTe.

Dana Rosenfeld Named Privacy Ombudsman for Tower Records Bankruptcy Case

Dana Rosenfeld, former assistant director of the FTC's Bureau of Consumer Protection and now counsel with Bryan Cave LLP, will serve as the consumer privacy ombudsman for the Tower Records Chapter 11 case.

Rosenfeld, the second person to hold the ombudsman role in bankruptcy court, will be required to provide a report analyzing Tower's privacy policy as it pertains to the transfer of customers' personal information to a third party. Rosenfeld's report also will recommend whether Tower's customer information may or may not be transferred to a new purchaser.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum returns to Washington, DC April 21, delivering renowned keynote speakers and a distinguished panel of legal and privacy experts.

Asia Privacy Forum 2017

The Forum returns to Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region. Call for Speakers open!

Privacy. Security. Risk. 2017

This year, we're bringing P.S.R. to San Diego. The Call for Speakers is now open. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

European policy debate, multi-level strategic thinking and thought-provoking discussion. The Call for Speakers is open until March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»