The recent TJX data breach proved that thieves are becoming increasingly savvy at getting their hands on sensitive personal information like credit card numbers. Given that case, which involved a whopping 45.7 million customer records, it's a good thing the federal government has decided to address the growing problem of identity theft, right?
Not so much, as it turns out. Guidelines issued earlier this week by the President's Identity Theft Task Force do call for a public awareness campaign -- a fine idea -- but offer little else in the way of serious recommendations.
In fact, one of the ideas -- to reduce the use of Social Security numbers as an identifier -- strikes us and eWEEK columnist Evan Schuman as just a little silly.
Why? Government agencies and businesses alike have already begun scaling back somewhat on asking folks for their Social Security numbers with every simple transaction. The practice was so prevalent for so long, however, that millions of numbers are already populating countless databases. Asking folks to stop using SSNs as identifiers now isn't going to change that.
Credit card issuers last year introduced the PCI Data Security Standard, a regulation much stiffer than anything proposed by the federal government. Problem is, as Schuman points out, few merchants are in compliance with PCI, even as the June 30, 2007 deadline fast approaches.
"If the retail industry cannot get compliant with its own security rules, it's silly to think that federal rules have much of a chance of having an impact," says Schuman.