Blogger: Kevin Kampman
Following my rule of threes (when three related things come to my attention, it is time to blog), I just received a solicitation from the National Rifle Association (NRA) to protect myself from identity theft. No, they aren’t saying to lock, load, and take aim at the identity thieves (which might actually be a good start). Rather, they have joined forces with LifeLock to offer a trial and discount to use LifeLock’s services. In this respect, the NRA is to gun owners what the AARP is to folks over 50 years of age; they see them as a market opportunity.
It’s really about the money. Your name and information is for sale. People over 50 haven’t learned to avoid this yet, even though older folks are a primary target for identity theft. It’s too bad that the AARP isn’t advocating for its audience, instead of making them targets for identity thieves.
Periodically I receive an application for privacy protection from one of the financial services companies. For $5.95 a month, I can get something similar to LifeLock. My contention, however, is that by collecting and sharing this information, the financial services companies, among others, contributed to our privacy and identity theft problems. Why should I reward them for the disservice? And why would I want to give them more ammunition? An identity protection industry is really the wrong answer.
Today, the identity protection market is so pervasive that you can walk through a supermarket checkout and buy identity theft protection. Whether or not these services provide you real protection and advocacy, or just line someone’s pockets is open to question. The real issue is how to prevent the problem in the first place.
When organizations that have custody of personally identifiable information (PII) exercise due care over what they trust, manage, and share, there will be real progress. One way for that to happen is to impose significant liability and damage claims on firms and organizations that are a party to the inappropriate acceptance, exposure and use of PII. Another would be to develop a consumer-protection discipline in businesses, similar to the Payment Card Industry. For example, business could leverage a sanctioned exchange from an identity oracle on demand, rather than amass and incubate a collection of information about principals that represents a target for compromise. Then we’ll see real improvements in terms of responsibilities and protection. Place the burden of the problem on those who created it.
(The author is a life member of the NRA; has no affiliation whatsoever with the AARP).