Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Health Information Equity

Abstract: Whatever the shape of the information network, collection imposes special burdens on the patients who are the subject of the information and who form the data pool for queries and analytics. Data storage, transfer, and queries create privacy risks: “No security measures…can ever completely safeguard against…release…or inappropriate use.” Patients therefore face actual or feared employment or insurance discrimination, reputational loss, or identity theft. Many patients also believe they have a claim to their information, of which collection deprives them. They may find research projects repugnant to their moral or religious beliefs, and appear to suffer dignitary harm when their information is used without their consent, whether identified or deidentified. The key problem is this: increasingly, these burdens are being placed on individuals who enjoy less social welfare, by focusing information collection efforts on those groups. Government programs aim to enhance data collection from these groups; by law, this data are available for public research to make the secondary research breakthroughs current medicine is based upon. By contrast, those with higher levels of welfare can keep their information from the communal pot, although they are well-position to reap health benefits as the learning health system gets off the ground. This Article argues that burdens should be distributed in a just manner. This entails taking into account the social welfare of the individual patient where possible when imposing on them information burdens and distributing information benefits. In concrete terms, this would require altering the points at which we collect information, focusing less on public benefit programs like Medicare and Medicaid, and looking to other sources such as wearable devices and wellness programs. It would also require us to alter research methods by broadening and where possible shifting the data pool that is queried or distributed for research. And it involves ensuring that benefits in the form of clinical decision support and smart devices that learn from iterative algorithms are accessible and used by the care providers of worse off populations.

An Approach Towards the Development of Scalable Data Masking for Preserving Privacy of Sensitive Business Data

Abstract: Large amount of digital data is generated rapidly all around the globe. Providing security to digital data is the crucial issue in almost all types of organizations. According to the Identity Theft Resource Center, there were 8069 data breaches between January 2005 and November 2017 [1]. In the year 2018, 477 cases registered about data breach [2]. In just three months of 2019, 145 such cases are already noticed [GK et al. in A study on dynamic data masking with its trends and implications. 38(2), 0975–8887, 3], and it continues to grow. Protecting the digital sensitive data from data breaches is the need of the hour. The main objective is to protect the privacy of individuals and society which is becoming crucial for effective functioning across businesses. Privacy enforcement today is being handled primarily through government monitored regulations and compliances. To overcome the limitations of existing masking methods, researcher proposed a non-zero random replacement masking method. Researcher has successfully developed a scalable data masking model which can be used for various data types—CSV, JSON, XML, and relational databases. To evaluate the proposed method, researcher used an internationally recognized UCI repository which is an open source of secondary data, out of 436 datasets available on the site; researcher selected five different datasets of various business domains. The selected business data is under five different categories—healthcare, social media, bank marketing, bank finance, and stock market. The researcher also contemplated about volume of datasets. Researcher applied three types of masking—substitution, shuffling, and proposed method on the selected datasets. The original dataset and masked datasets are classified by classification metric. Performance parameters measured on four different classifiers delivered sizeable variations. With respect to data samples used for analysis, results strongly augmented that the proposed data masking method can be used across the business-critical domains. The results strongly emphasize that the proposed model is the solution which not only protects the sensitive data but also maintains the usability, accuracy, and sensitivity.

DoD Implementation of Homeland Security Presidential Directive-12

Abstract: : We performed the audit in response to a request from the Office of Management and Budget that the President's Council on Integrity and Efficiency review agency processes and help ensure they are consistent with HSPD-12 and FIPS 201-1. We evaluated DoD business processes to determine whether they comply with directives and standards to develop secure and reliable Personal Identity Verification (PIV) credentials. DoD is not complying with HSPD-12 requirements, has not issued comprehensive HSPD-12 implementation guidance to DoD Components, and has not met HSPD-12 implementation milestones. DoD policy on physical access controls needs to be updated to comply with HSPD-12 policy objectives. Specific examples follow. DoD did not meet Government-wide milestones for completing background checks. Personnel at stations that issue the Common Access Card cannot electronically verify whether card applicants have initiated or completed a National Agency Check with Written Inquiries. DoD displays the full Social Security number on the Geneva Conventions credential, increasing the risk of identity theft. Components are purchasing equipment that is not compliant with HSPD-12. DoD is using barcode technology on the Defense Biometric Identification System credential that is not equivalent to mandatory HSPD-12 security features. DoD's current PIV credential does not meet interoperability requirements and needs to be updated.

A Day in Court for Data Breach Plaintiffs: Preserving Standing Based on Increased Risk of Identity Theft After Clapper v. Amnesty International USA

Abstract: IntroductionWe live in a world controlled more than ever before by the cybersphere. The amount of data stored on networks has increased exponentially in recent years,1 changing the way people interact and conduct business.2 Much of this data is personal information, which consumers must provide for even basic transactions.3 As a result, "the intimate details of our dresses, birth dates, Security numbers, and credit card and bank account information-are now stored in online databases.4Frequently exchanging personal information can lead to significant consequences.5 As the amount of online data has increased, so have instances of computer hacking and theft of consumers' personal information.6 Hacking incidents aside, breaches often follow simple mistakes by employees.7 As a result, breaches now occur several times a week.8 Indeed, a recent report by 1. an organization that compiles information about confirmed data breaches showed that the organization tracked a record number of breaches in 2014-18 percent higher than the previous record, and an increase of more than 27 percent from 2013.9 Data breaches have thus risen to unprecedented levels during "the [d]ecade of the [d]ata [b]reach."10In light of these broad risks, companies have had to fundamentally reorient their approaches to data security. Some have done just that, increasing investments in security technology or creating data-breach response plans.11 But two factors reduce the impact of those changes on data breaches. First, failure to frequently review and update data-breach response plans often renders them ineffective.12 Second, new technologies present new opportunities for data breaches, and companies may not be able to properly account for these developments.13 Moreover, many other businesses still remain in denial about the threat of data breaches, either failing to implement any data-security changes or making only nominal modifications.14Customers suffer enormous harms because of data breaches, including increased risk of identity theft.15 They have a limited ability, however, to seek redress for these injuries or to compel businesses to provide better data security. There are no unified federal data-security regulations, so state breach-notification statutes are the primary means for holding businesses accountable for their role in the breaches.16 Yet differences between the state requirements create a "patchwork" that varies by state,17 making results unpredictable and inconsistent. This statutory scheme thus provides limited protection for consumers in the wake of data breaches.As a result, consumers have increasingly turned to litigation against the companies responsible for protecting their information-from retail stores to data-storage companies-to address their injuries. These cases are usually class actions since individual consumers incur only small monetary damages.18 Consumers may assert common law claims like negligence or breach of contract, or claims that arise under consumer-protection statutes.19 Those claims are based on injuries related to consumers' increased risk of identity theft, with damages including costs for credit monitoring purchased to guard against identity theft.20Courts have disagreed on whether increased risk of identity theft is an injury-in-fact sufficient to create standing, and the Supreme Court has not yet addressed the issue. Departing from an initial trend in district courts to deny standing based on increased risk, the Seventh and Ninth Circuits-in Pisciotta v. Old National Bancorp21 and Krottner v. Starbucks Corp.,22 respectively-recognized standing based on increased risk.23 The Third Circuit rejected that approach in Reilly v. Ceridian Corp.,24 which the Supreme Court appeared to indirectly approve through its discussion of future harm in Clapper v. Amnesty International USA.25 Yet Clapper's applicability is unclear, given its different factual context.26 Indeed, district courts apply Clapper to data-breach cases inconsistently,27 clouding the future status of increased risk standing. …

Measure to prevent/control identity theft: relations with sources

Abstract: This study provides an exploratory analysis and theoretical application toward measure to prevent/control identity theft in conjunction with sources. At present, scholarly research on the topic of controlling identity theft specific to sources is rather very limited. This study proposes a matrix of source and measure to prevent/control identity theft. From this matrix, using knowledge from literature review and our opinion based on plausibility, we have individually identified significant measures to prevent identity theft in relation to every source of identity theft.