
Showing papers on "Identity theft" published in 2006


Book ChapterDOI
27 Feb 2006
TL;DR: In this paper, the authors propose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.
Abstract: Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confidence in an institution. Phishing attacks succeed by exploiting a user's inability to distinguish legitimate sites from spoofed sites. Most prior research focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process will enhance security and eliminate many forms of fraud. We propose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware. We demonstrate the practicality of our system with a prototype implementation.

197 citations


Patent
06 Oct 2006
TL;DR: A system and method for protecting users against theft of personally identifiable information during online and offline purchase transactions, registration transactions, and identity authentication transactions. The system obtains a user's personal information as storable computer data, establishes an anonymous email address on behalf of the subscribing user, provides the anonymous email address to an email recipient when the user sends an email to the recipient, stores the routing information from the email communications, and scrubs email communications for electronic viruses.
Abstract: A system and method protects users against theft of personally identifiable information during both online and offline purchase transactions, registration transactions and identity authentication transactions. The system initially obtains a user's personally identifiable information as storable computer data, establishes an anonymous email address on behalf of the subscribing user, provides the anonymous email address to an email recipient when the subscribing user sends an email to the recipient, receives email communications from the recipient at the anonymous email address, stores the routing information from the email communications, scrubs the email communications for electronic viruses, forwards the email communications received from the recipient at the anonymous email address to the subscribing user, and forwards email communications to the recipient that are sent from the subscribing user to the anonymous email address by matching the stored routing information without ever revealing the subscribing user's real email address to the recipient.

165 citations


Book
08 Jun 2006
TL;DR: Ethics in Information Technology, Third Edition is a highly anticipated revision that will help readers understand the legal, ethical, and societal implications of information technology, including file sharing, identity theft, employee surveillance, privacy, compliance, and social networking.
Abstract: ETHICS IN INFORMATION TECHNOLOGY, THIRD EDITION is a highly anticipated revision that will help readers understand the legal, ethical, and societal implications of information technology. The third edition offers updated and newsworthy coverage of issues such as file sharing, infringement of intellectual property, security risks, Internet crime, identity theft, employee surveillance, privacy, compliance, social networking, and ethics of IT corporations. This book offers an excellent foundation in ethical decision-making for current and future business managers and IT professionals.

84 citations


Patent
22 Nov 2006
TL;DR: A system for providing and altering information about users and third parties is described, which helps individuals protect themselves against identity theft and identity confusion, and also provides information about third parties.
Abstract: A system for providing and altering information about users and third parties. The system helps individuals protect themselves against identity theft and identity confusion. Embodiments also provide information about third parties.

84 citations


Patent
16 Mar 2006
TL;DR: A strategy-driven methodology for reducing identity theft comprises the steps of attempting to gain system access, and presenting at least one list of user choices instead of granting system access.
Abstract: A strategy-driven methodology for reducing identity theft comprises the steps of attempting to gain system access, and presenting at least one list of user choices instead of granting system access, as practiced conventionally. The presented list contains at least one choice that is preset by a registered user. Other steps include selecting at least one choice from the presented list, and granting system access if the selected choice matches the preset choice.

82 citations


Journal ArticleDOI
01 Mar 2006
TL;DR: A framework to identify stakeholders and the interactive relationships that play multiple roles in combating identity theft is proposed.
Abstract: Identity theft is on the rise - as is the resulting damage to consumers and countries. In this article, the authors propose a framework to identify stakeholders and the interactive relationships that play multiple roles in combating identity theft.

75 citations


Journal ArticleDOI
TL;DR: Using the Federal Trade Commission's 2003 identity theft survey data, this article examined the relationship between a person's demographic characteristics and the likelihood of experiencing identity theft and found that the risk of identity theft appears to be higher for people with higher incomes, for younger consumers, and for women.
Abstract: Using the Federal Trade Commission's 2003 identity theft survey data, this article examines the relationship between a person's demographic characteristics and the likelihood of experiencing identity theft. Among other factors, the risk of identity theft appears to be higher for people with higher incomes, for younger consumers, and for women. A person's risk of being a victim of identity theft may depend, at least in part, on how many noncash accounts the consumer has and the intensity of their use. It may also depend on where the consumer conducts business and the precautions the consumer exercises. Because data to measure these factors directly are not available, differences in the risk faced by demographic groups may reflect differences in these considerations. This article should be of interest to those who are concerned with educating consumers about limiting identity theft risk and to law enforcement authorities.

61 citations


Patent
04 Mar 2006
TL;DR: A software-based method and system for multifactor authentication of internet users using at least one factor each of 1) something you know; 2) something you have; and 3) something you are.
Abstract: A software based method and system providing secure and robust multifactor authentication of internet users using at least one factor each of 1) Something you know; 2) Something you have; and 3) Something you are—A physical characteristic of the user or his/her computer/device. This method of authenticating the identity of a user to determine access to a host includes providing an encrypted key string based on one or more static and dynamic factors corresponding to the data instances of a user or his/her computer/device, one or more static and dynamic factors corresponding to the data instances of the host, and user input factors; evaluating the factor-based data instances to determine if the user's identity is authenticated; and granting or restricting the user's access to the host based on authentication results. The provider generates a key string based on the inputs gathered/provided, time stamps the key, encrypts the key and sends it to the host. The host in turn decrypts the key string, evaluates the static factors against its database, and evaluates the dynamic factors based on pre-defined logic. The user is successfully authenticated if all validations are positive. Based on the authentication results the user is granted or restricted access to the host resources. This method and system significantly reduces the chances of identity theft occurring from phishing, pharming, man-in-middle theft, spy-ware, and key stroke logger in everyday consumer e-commerce by deploying multifactor authentication based on static and dynamic factors stored/generated at multiple places, key encryption, key time stamping, and elimination of key strokes.

55 citations



Journal ArticleDOI
TL;DR: A good reason to have a look at the terminology of identity ‘theft’, identity fraud, and identity-related crime.
Abstract: ‘Identity thieves make thousands of victims!’ is a typical headline of current e-zines. One pictures thousands of people panicking and pursuing thieves running away with their identities. Reality is different, of course. Identity criminals do not steal identities: they use identity as a tool to steal money. And the typical victim does not notice the crime until long after the criminal has booked a one-way ticket to the tropics. A good reason to have a look at the terminology of identity ‘theft’, identity fraud, and identity-related crime.

50 citations


Journal ArticleDOI
TL;DR: The installation and operation of crimeware and the varieties of countermeasures deployed suggest similarities of information flow and potential chokepoints.
Abstract: “Crimeware” is software that performs illegal actions, unanticipated by a victim running the software, that are intended to yield financial or other benefits to the attacker. Crimeware is a ubiquitous fact of life in modern online interactions. It is distributed via a wide variety of mechanisms, and attacks are proliferating rapidly. For example, in the month of May 2006, at least 215 unique keyloggers—just one type of crimeware—were observed in the wild. Once installed, crimeware benefits the attacker in many ways, including theft of stored confidential data, denial-of-service extortion, spamming, click fraud, and aggregation of compromised information for further criminal activity. The installation and operation of crimeware and the varieties of countermeasures deployed suggest similarities of information flow and potential chokepoints.

Patent
18 Oct 2006
TL;DR: In this paper, the authors proposed a real-time authentication scheme for credit card point of sale (POS) purchases, e-commerce, credit issuance and credit inquiries, which minimize or eliminate credit and identity theft.
Abstract: The present invention seeks to minimize, reduce and/or eliminate credit fraud, identity theft and the erroneous incurrence of charges. The present invention allows individuals and/or entities to passively authenticate credit/banking access in real-time. Embodiments of the invention include methods, systems, programs, and/or methods of doing business for banking/credit transactions including, inter alia, credit card point of sale (“POS”) purchases, e-commerce, credit issuance and credit inquiries, which minimize or eliminate credit and identity theft.

Journal ArticleDOI
Anil K. Jain, Sharath Pankanti
TL;DR: This paper suggests the use of a new authentication system for credit cards based on biometric sensors that could dramatically curtail identity theft, and could be economical, protect privacy, and guarantee the validity of all kinds of credit card transactions.
Abstract: This paper suggests the use of a new authentication system for credit cards based on biometric sensors that could dramatically curtail identity theft. The proposed system uses fingerprint sensors, though other biometric technologies, either alone or in combination, could be incorporated. It could be economical, protect privacy, and guarantee the validity of all kinds of credit card transactions, including ones that take place at a store, over the telephone, or with an Internet-based retailer. By preventing identity thieves from entering the transaction loop, credit card companies could quickly recoup their infrastructure investments and save businesses, consumers, and themselves billions of dollars every year.

Journal ArticleDOI
TL;DR: The computer's role in identity theft incidents may have been misgauged through overestimates of reported losses.
Abstract: The computer's role in identity theft incidents may have been misgauged through overestimates of reported losses.

Patent
26 Jul 2006
TL;DR: An identification verification system designed to prevent identity theft and financial fraud is presented in this paper, where an individual's identity is verified only if the identification code submitted by the individual matches their identification code as found in a database.
Abstract: An identification verification system designed to prevent identity theft and financial fraud. Individuals are given or select identification codes which replace the commonly used social security numbers (SSNs). In order to access an individual's credit report or other financial records or open a credit account, the individual's identification code must be provided. Individuals, therefore, no longer have to provide their SSN in order to verify their identity. An individual's identity is verified only if the identification code submitted by the individual matches their identification code as found in a database. Individuals may choose to have their identification codes automatically changed periodically, or may choose to change their identification codes themselves as often as they wish. Identification codes are preferably changed upon each access to the individual's credit report or credit account opening.

Proceedings ArticleDOI
22 Sep 2006
TL;DR: Information will be presented on the categories of security and privacy threats, integrity threats, vulnerabilities, delay and denial threats, and intellectual property threats that are being directed towards corporate, educational, governmental, and individual assets.
Abstract: Computer networks and computer systems are experiencing attacks and threats from many areas. Threats are also extended to include the individual user's computer assets and resources. Information will be presented on the categories of security and privacy threats, integrity threats, vulnerabilities, delay and denial threats, and intellectual property threats that are being directed towards corporate, educational, governmental, and individual assets.

Book
15 Dec 2006
TL;DR: In this paper, the authors discuss the role of professional standards in the development and enforcement of fraud detection in a business environment, and present a framework for internal control and fraud detection.
Abstract: List of Exhibits. Preface. Acknowledgments. SECTION I. PROFESSIONAL ENVIRONMENT OF FRAUD DETERRENCE. 1 Fraud Deterrence as a Business Management Tool. Introduction. Motivations for Process Improvement and Monitoring. How the Mighty Have Fallen. Importance of Internal Controls in Dynamic External Environments. Environmental Change and Its Effect on the Fraud Triangle. Where Is Bedrock for Fraud Deterrence? Conclusion. 2 Definition of Fraud Deterrence. Overview. Deterrence Activities Will Affect Control Culture. 3 History of Fraud Deterrence. Introduction. Early Fraud Deterrence. Modern Fraud Deterrence. 4 The Role of Professional Standards. Introduction. PCAOB Standards. American Institute of Certified Public Accountants Auditing Standards. American Institute of Certified Public Accountants Accounting and Review Standards. Institute of Internal Auditors Standards. Association of Certified Fraud Examiners Standards. Certified Fraud Deterrence Analyst-National Association of Certified Valuation Analysts. 5 The Fraud Triangle. Overview. Elements. The Fraud Triangle and Financial Reporting Fraud. 6 Motivations of Fraud Deterrence and the Transition to Investigation. Introduction. Motivations for Deterrence Analysis. Transition to Investigation. Conclusion. 7 A Fraud Deterrence Professional's Overview of the Legal Process. Introduction and Objectives. Basics of Opinion Testimony and the Role of the Judiciary. Expert Qualification Standards : When Is a Witness an "Expert"? Admissibility versus Weight: When Is an Expert's Opinion and/or Testimony Admissible? Limitations on the Scope of Expert Opinion Testimony. Reports and Discovery Obligations. Conclusion. 8 Human Resources Concerns. Retaliation: The Newest Wave of Employment Litigation. An Ounce of Prevention: Background Checks and Employment Inquiries Under the Fair Credit Reporting Act. Checklist for Complying with the FCRA When Using a Third Party to Obtain "Consumer Reports." Conclusion. Appendix 8A. 
Selected Federal Whistleblower Statutes. Appendix 8B. The U.S. Equal Employment Opportunity Commission. Appendix 8C. Disclosure to Applicant Regarding Consumer Reports. Appendix 8D. Disclosure to Employee Regarding Consumer Reports. Appendix 8E. Sample Notice of Intent to Obtain an Investigative Consumer Report. Appendix 8F. Fair Credit Reporting Act. Appendix 8G. Sample Disclosure of Nature and Scope of Investigative Consumer Report. Appendix 8H. Sample Pre-Adverse Action Notice. Appendix 8I. Sample Adverse Action Notice. Appendix 8J. Applicant. Appendix 8K. Current Employee. SECTION II. TOOLS OF FRAUD DETERRENCE. 9 Internal Control and Fraud Deterrence: The COSO Integrated Framework. Background. Control Environment. Information and Communication. Risk Assessment. Control Procedures. Monitoring. 10 Recent Corporate Governance Reforms Enacted to Deter Financial Fraud. The Sarbanes-Oxley Act of 2002 and Related Rules and Regulations. Introduction. Board of Directors. Audit Committee. Management. Internal Auditors. Enforcement. Protections for Directors and Officers. Conclusion. 11 Generation-X Technologies and Information Assurance. Overview. Do We Need a Paradigm Shift in Systems Assurance and Auditing? Generation X Enterprise Technologies: State of the Art. Information Systems Integration: A Challenge. Assured Information Emanates from Assured Systems. Information Assurance: A Function of Strategic Importance. Various Information Assurance and Control Measures. British Standards: BS7799 and BS 7799-2:2002. System Security Engineering Capability Maturity Model: SSE-CMM. Conclusion. 12 The Impact of Communications Infrastructure on Fraud Detection and Deterrence. Introduction. Fraud and Technology. Communication Security Solutions. Correlation. 13 Process and Information Validation. Part I: Interview and Interrogation Process. Difference between Interview and Interrogation. Preparation and Room Setting. Interviewer/Interrogator Demeanor. Detecting Deception. 
Conducting the Interview. Interrogation. Structured Approach to the Interview and Interrogation of a Suspect in a Fraud Investigation. Conclusion. Part II: Forensic Document and Handwriting Examination. What Is a "Document"? Forgery. Red Flags of Document Examination. Caution. Red Flags of Handwriting Identification. Suggested Reading. 14 Data Analysis and Monitoring: How Effective Data Analysis Can Identify Fraud Risk Indicators and Promote Business Intelligence. Introduction. Data Basics. Information Systems. Generating Business Intelligence. What to Look for in Data Analysis Technology. Putting It All Together. 15 Reporting. Introduction. Function of Fraud Deterrence Reports. Reporting on Internal Control. Reporting in an Investigation. Importance of Documentation. Conclusion. SECTION III. APPLICATIONS OF FRAUD DETERRENCE. 16 Deterring Fraudulent Financial Reporting and Asset Misappropriation. Introduction. Organizational (Corporate) Culture. Organizational (Corporate) Governance. Internal Controls for Deterrence. Deterrence Monitoring. 17 Fraud and the Bankruptcy Code. Introduction. Bankruptcy Refuge for Fraudulent Actors. Bankruptcy Fraud. Fraudulent Transfer Statutes. Intentionally Fraudulent Transfers. Constructively Fraudulent Transfers. Application of Fraudulent Transfer Laws. Remedies for the Recovery of Fraudulent Transfers. Corporate Actors/Individual Liability. Conclusion. Appendix 17A. Uniform Fraudulent Conveyance Act and Uniform Fraudulent Transfer Act. Appendix 17B. Uniform Fraudulent Conveyance Act. Appendix 17C. Uniform Fraudulent Transfer Act. Appendix 17D. 18 U.S.C. 152-157. Appendix 17E. 11 U.S.C. 548. Fraudulent Transfers and Obligations. Appendix 17F. 11 U.S.C. 522 Exemptions. Appendix 17G. 11 U.S.C. 101(31). Definitions. 18 Discovering and Preventing Fraud in Business Formation and Dissolution. Introduction. Fundamental Assessments. Factors Affecting Whether the Fraud Will Succeed. Informational Rights and Fraud. 
Approval Rights and Governance. Additional Drafting Solutions. Minimizing the Occurrence of Fraud. Discovery of Fraud. Remedies. 19 Identity Theft and Privacy Protection. Introduction. Definition. Development of an Epidemic. The Outbreak and Law Enforcement. Protecting Personal Information. Detect Unauthorized Use. Defend and Regain Your Identity. Bulk Data Breaches. The Online Frontier of Phishing and Spoofing. Impact on Fraud Deterrence. 20 Intellectual Property. Introduction. How to Tell When Your Company Has Intellectual Property. Basic Reasons for Protecting. Routine Protection. Policing Intellectual Property Rights. Possible Recoveries through Litigation. Conclusion. 21 Fraud Deterrence in the U.S. Private Equity Finance System. Introduction. U.S. Private Equity System and Its Governance Structure. Foundations of a Fraud Deterrence System in Private Equity. Adoption of Internal Control Systems within the U.S. Private Equity System. Conclusions and Recommendations. Glossary of Terms. Index.

Journal ArticleDOI
TL;DR: The results show that Internet users place great value on security measures that make identity theft much less likely, and Web-based experiments indicate that privacy- and security-enhancing protections are likely to be subject to moral hazard responses.
Abstract: The importance of personal privacy to Internet users has been extensively researched using a variety of survey techniques. The limitations of survey research are well-known and exist in part because there are no positive or negative consequences to responses provided by survey participants. Such limitations are the motivation for this work. Experimental economics is widely accepted by economists and others as an investigative technique that can provide measures of economic choice-making that are substantially more accurate than those provided by surveys. This paper describes our efforts at applying the techniques of experimental economics to provide a foundation for (a) estimating the values that consumers place on privacy and various forms of security (encryption, HIPAA, etc.) and for (b) quantifying user responses to changes in the Internet environment. The contribution of this study is a better understanding of individual decision-making in the context of benefits and costs of making private information available to Internet sites. Preliminary results from a series of pilot studies are consistent with optimizing behaviors, indicating that continued application of experimental economics techniques in the quantification of Internet user actions in privacy/security space will be illuminating. Our results show that Internet users place great value on security measures, both regulatory and technical, that make identity theft much less likely. Our Web-based experiments indicate that privacy- and security-enhancing protections are likely to be subject to moral hazard responses, as participants in our online experiments became more aggressive in their Internet usage with greater protection in place.

Patent
19 Aug 2006
TL;DR: A three-way-cross-authentication method is proposed that traces back the entitlement of one or more identity-identifiers to its correct owner through a three-way-cross-match of its identity-passwords.
Abstract: Personal identity-identifiers such as social security numbers, fingerprints, and biometric identifiers are fixed for life; once disclosed they cannot reliably be used to authenticate the identity of a person claiming to own the identity-identifier(s). This limitation is overcome by introduction of one or more identity-passwords that are related, attached, or commingled together through a preset “rule”. Authentication methodologies claimed by this invention use a three-way-cross-authentication among three entities: a person to be authenticated, an entity requesting the authentication, and a trustee that issues, keeps, and verifies identity-data. Such methodologies can trace back the entitlement of one or more identity-identifiers to its correct owner through a three-way-cross-match of its identity-passwords. Specific methods are described to authenticate one's social security number, credit card number, door pass, computer software licenses, and the like. Another method is described that eliminates the need for businesses to ask for people's identity-identifiers.

Patent
20 Jun 2006
TL;DR: A method for determining whether to remotely authorize an action on behalf of a requester, in which the requester provides a privacy token and the action is authorized if the data from the privacy token verifies that the requester is authorized to take the action.
Abstract: Determining whether to remotely authorize an action on behalf of a requester includes having the requester provide a privacy token, remotely obtaining data from the privacy token, and authorizing the action if the data from the privacy token verifies that the requester is authorized to take the action. The action may include issuing a credit card for the requester. The privacy token may be a smart card. The data may be digitally signed. Determining whether to remotely authorize an action on behalf of a requester may also include authorizing the action if the requester had previously indicated a desire not to require presentation of the privacy token. The action may be authorized only if the data from the privacy token verifies the identity of the requester.

Patent
14 Sep 2006
TL;DR: An information security bot system for mitigating damage to victims, or enforcing identity theft laws, by searching for and inducing transactions with perpetrators of identity crimes (e.g. identity theft).
Abstract: The present invention relates to an information security bot system for the mitigation of damage upon its victims, or enforcement of Identity Theft laws, by searching and inducing transactions with perpetrators of identity crimes (e.g. identity theft). Searching is accomplished using a software spider search robot (“bot”) that turns any transmitted personal information into a bit-keyed array that cannot betray any of the known information of the users. Transactions with perpetrators are induced and effected using machine generated natural language techniques. In instances of success, data (actual, bogus or “poisoned”) is transferred to or received from said perpetrators. This data can be used to protect victims or to ensnare perpetrators. In addition, the invention relates to offensive and proactive prevention of identity theft and other related crimes.

Journal ArticleDOI
TL;DR: Insight is provided into the root causes of cybercrime, its participants and their motivations, and some of the issues inherent in dealing with this crime wave are identified.
Abstract: Painted in the broadest of strokes, cybercrime essentially is the leveraging of information systems and technology to commit larceny, extortion, identity theft, fraud, and, in some cases, corporate espionage. Who are the miscreants who commit these crimes, and what are their motivations? One might imagine they are not the same individuals committing crimes in the physical world. Bank robbers and scam artists garner a certain public notoriety after only a few occurrences of their crimes, yet cybercriminals largely remain invisible and unheralded. Based on sketchy news accounts and a few public arrests, such as Mafiaboy, accused of paralyzing Amazon, CNN, and other Web sites, the public may infer these miscreants are merely a subculture of teenagers. In this article we provide insight into the root causes of cybercrime, its participants and their motivations, and we identify some of the issues inherent in dealing with this crime wave.

Journal ArticleDOI
TL;DR: Information in both these online resumes initially put Meg and Norton in danger of becoming identity-theft victims, but they received some unexpected protection in the form of a computer program called Identity Angel, which this article describes in more detail.
Abstract: In search of a job after graduating from college, Meg Kemp posts her resume online. Norton Steuben, a retired law professor, hasn't looked for employment in more than 35 years and rarely uses the Internet, yet his law school maintains his curriculum vita online. Although such activity might seem innocuous, information in both these online resumes initially put Meg and Norton in danger of becoming identity-theft victims. Fortunately, they received some unexpected protection in the form of a computer program called Identity Angel, which this article describes in more detail.

Patent
09 Feb 2006
TL;DR: Systems and techniques for detecting rogue access points, in which a wireless signal may be received from a wireless device, the device may be determined to be a candidate device based on network identification information, and additional information associated with the device may be acquired to determine whether it is a rogue device.
Abstract: Systems and techniques for detecting rogue access points. A wireless signal may be received from a wireless device. The wireless device may be determined to be a candidate device based on network identification information. Additional information associated with the wireless device may be acquired, and the wireless device may be determined to be a rogue device based on the additional information. Notification information indicative of the determination may be transmitted.

Proceedings ArticleDOI
10 Apr 2006
TL;DR: This research is concerned about examining the aforementioned frauds and providing a summary review of the latest artificial intelligence technologies that have been used to develop security applications to consistently discover, monitor, examine and manage the aforementioned fraudulent activities across organizations.
Abstract: Superimposition frauds with respect to credit card and mobile (cell) phone usages, as well as identity thefts have become some of the fastest growing crimes worldwide. As fraudsters increasingly leverage technology systems, products and channels to commit crime, it becomes critical that businesses employ intelligent automated systems to proactively reduce their exposure to fraud, minimize risk losses and defend their organizations’ reputation. Thus businesses are increasingly getting involved in studying emerging security technologies as well as developing new security applications with these technologies to stay ahead of the competition in retaining and growing their customer base. This research is concerned about examining the aforementioned frauds and providing a summary review of the latest artificial intelligence technologies that have been used to develop security applications to consistently discover, monitor, examine and manage the aforementioned fraudulent activities across organizations — thus helping managers to identify and employ effective controls and prevention measures, as well as helping researchers, who are seeking more robust ways to protect the users from consumer fraud, with the identification of research projects to undertake to further advance the field.

Patent
08 Feb 2006
TL;DR: In this paper, a computerized method and apparatus are established to identify a subject of common interest among multiple parties without releasing the true identity of any subject, without exposing that subject to possible identity theft.
Abstract: A computerized method and apparatus are established to identify a subject of common interest among multiple parties without releasing the true identity of any subject. Furthermore, a computerized network provides different parties at different locations with a mechanism to conduct cooperative activities concerning such a subject of common interest without exposing that subject to possible identity theft.

Book ChapterDOI
Jan Camenisch
22 May 2006
TL;DR: Digital credentials and certificates can easily be shared and copied, but the honest user is also at risk of identity theft: malicious software such as viruses and worms or phishing attacks can without too much difficulty steal her credentials.
Abstract: Digital credentials and certificates can easily be shared and copied. For instance, if a user possesses a credential that allows her to access some service, she can easily share it with her friends and thereby let them use the service as well. While with non-anonymous credentials, this sharing can to some extent be detected by the fact that some credentials get used too often, such detection is not possible with anonymous credentials. Furthermore, the honest user is also at risk of identity theft: malicious software such as viruses and worms or phishing attacks can without too much difficulty steal her credentials.

Journal Article
TL;DR: In this paper, the authors examine the actual processes through which consumer data are collected as well as the broader dynamics of the interactions between consumers and interested commercial parties, and find that the extant schema of legal and extralegal checks on the manner in which commercial entities may employ Internet-derived consumer information is broader and more protective of consumers than is generally recognized.
Abstract: "I'm not a lawyer. That's why I can see what the law is like. It's like a single-bed blanket on a double bed and three folks in the bed and a cold night. There ain't ever enough blanket to cover the case, no matter how much pulling and hauling, and somebody is always going to nigh catch pneumonia."1 As e-commerce has expanded and evolved over the past decade,2 so have methods of collecting, organizing, and analyzing the data that unwitting consumers make available to interested commercial entities as they venture through cyberspace. Commentators, courts, consumer advocates, policymakers, regulators, and e-businesses have struggled to imagine systems that could safeguard consumer privacy while maximizing commercial interests in capitalizing on the back and forth stream of information that constitutes the Internet.3 An assumption that commercial entities violate consumer privacy by collecting data from Internet transactions pervades the information privacy discourse,4 but in this Note I seek to interrogate that assumption by focusing on the actual processes through which consumer data are collected as well as the broader dynamics of the interactions between consumers and interested commercial parties. While the wholesale aggregation and disposition of consumer data may well pose a viable threat to consumer interests in certain contexts,5 I have found that the extant schema of legal and extralegal checks on the manner in which commercial entities may employ Internet-derived consumer information is broader and more protective of consumers than is generally recognized. However, although these protections are broad, an examination of their imperfect and improvisational nature reveals that business interests still generally prevail over consumer interests under the current regime. 
Nevertheless, I seek to demonstrate how certain privacy scholars exaggerate both the probability and the actual extent of harm suffered by individuals as a result of commercial data aggregation. It is my position that many privacy scholars make their case by overemphasizing the tenuous link between personal information and person/hood.6 By taking a measured look at both the context in which most Internet information privacy concerns arise and the existing system regulating the collection of such information, I attempt to expose some of the shortcomings of certain academic abstractions characterizing what is at stake with respect to consumer information privacy on the Internet. After all, we are no more defined by the junk email in our inboxes or the ads flashing across our screens than we are defined by the junk mail in our mailboxes or the ads on television programs. Fundamentally, e-tailers are not too different from brick-and-mortar retailers - they just want to sell us stuff. Lots of stuff. More stuff than we need, if they can just figure out how to tell us what we need. Businesses collect consumer data so that they can more effectively market their products, not, as some would argue, to hijack our identities for any sort of dark, Orwellian purpose. While any such motives - if they existed and if a company were willing to follow through with them - would make for an engaging conspiracy narrative, once such motives made their way into public view, it would be very, very bad for business. In this Note, I portray the nature and extent of information exchanged between consumers and "commercial websites"7 and information exchanged between consumers and third party advertising companies that commercial websites hire to manage their Internet advertising practices. I do not examine spyware or adware utilized by a certain fringe sector of e-commerce participants8 but instead focus on information technologies employed by more reputable companies.
Nor do I give extensive treatment to the issues raised by information crimes such as identity theft, other than to the limited extent that the threat of identity theft arises in the context of transactions between consumers and commercial websites. …

Journal ArticleDOI
TL;DR: A proper balance between measures to protect privacy and the ability to guard and improve public health requires careful consideration and development of appropriate policies, regulations and use of technology.
Abstract: Rapid advances in informatics and communication technologies are greatly expanding the capacity for information capture and transportation. While these tools can be used for great good, they also offer new opportunities for those who seek to obtain and use information for improper purposes. While issues related to identity theft for financial gain garner the most attention, protection of privacy in public health endeavors such as cancer surveillance is also a significant concern. Some efforts to protect health-related information have had unintended consequences detrimental to health research and public health practice. Achieving a proper balance between measures to protect privacy and the ability to guard and improve public health requires careful consideration and development of appropriate policies, regulations and use of technology.

Posted Content
TL;DR: This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits, and that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.
Abstract: Data security breaches have received considerable public attention of late, and have prompted several states to mandate that firms whose data may have been compromised notify their customers of the security breaches. This study finds that the costs of a notification requirement are likely to be substantially higher than the benefits. Even for consumers whose data have been compromised, the probability of being a victim of fraud is so low - only 2 percent - that little action is justified. Overall, we estimate that the expected benefits of mandatory notification are very small - less than $10 per compromised individual.