FOR IMMEDIATE RELEASE AG

TUESDAY, SEPTEMBER 19, 2006 (202) 514-2007

WWW.USDOJ.GOV TDD (202) 514-1888

Identity Theft Task Force Announces

Interim Recommendations
Recommendations Come in Advance of Final Report
Set for November
WASHINGTON – The President’s Identity Theft Task Force has adopted interim
recommendations on measures that can be implemented immediately to help address
the problem of identity theft, Attorney General Alberto R. Gonzales and Federal
Trade Commission Chairman Deborah Platt Majoras announced today. The Identity
Theft Task Force, which was established by Executive Order of the President on
May 10, 2006, and is now comprised of 17 federal agencies and departments, will
deliver a final strategic plan to the President in November.

The interim recommendations of the Identity Theft Task Force were announced
following a meeting of the Task Force today at the Justice Department.

“As with any crime, victims of identity theft suffer feelings of violation and stress,
but in these cases, victims have the added burden of cleaning up the mess that the
identity thieves leave behind,” said Attorney General Gonzales. “The President
created the Identity Theft Task Force to oversee the implementation of real and
practical solutions at the federal level to defeat this ongoing intrusion into the lives
of law-abiding Americans. Today’s recommendations move that process forward.”

“Conquering identity theft demands that we work as a team to develop tools that
strengthen law enforcement, practices that enhance data security, and programs that
help consumers in prevention and recovery,” said FTC Chairman Majoras.
“Through these initiatives, we are taking solid steps toward eradicating this
persistent consumer problem.”

The Identity Theft Task Force’s interim recommendations to the Administration

include the following:

Data Breach Guidance to Agencies-

In light of several, large data breaches suffered in recent months by government

agencies, the Task Force recommends that the Office of Management and Budget
(OMB) issue to all federal agencies a Task Force memorandum, which covers the
factors that should govern whether and how to give notice to affected individuals in
the event of a government agency data breach, and the factors that should be
considered in deciding whether to offer services such as free credit monitoring.
Such guidance is the first comprehensive road map of the steps that agencies should
take to respond to a breach and to mitigate the risk of identity theft.

Development of Universal Police Report for Identity Theft Victims-

To ensure that identity theft victims have easy access to police reports documenting
the misuse of their personal information – which are necessary in order for the
victims to, for example, request that fraudulent information on their credit report be
blocked, or to obtain a seven-year fraud alert on their credit file – the Task Force
recommends the development of a “universal police report” that an identity theft
victim can complete online, print and take to a local law enforcement agency for
verification and incorporation into the police department’s report system. The use of
universal police reports will also ensure that identity theft complaints will flow into
the FTC's ID Theft Data Clearinghouse, and thereby will assist law enforcement
officers in responding to such complaints.

Extending Restitution for Victims of Identity Theft-

To allow identity theft victims to recover for the value of the time that they spend
attempting to make themselves whole – for example, the hours spent disputing
fraudulent accounts with creditors that may be compromised or spent correcting
credit reports – the Task Force recommends that Congress amend the criminal
restitution statutes, 18 U.S.C. 3663(b) and 3663A(b), to require that defendants pay
identity theft victims for the value of their lost time.

Reducing Access of Identity Thieves to Social Security Numbers-

In order to limit the unnecessary use in the public sector of Social Security Numbers
(SSNs) – which are the most valuable pieces of consumer information for identity
thieves – the Task Force recommends the following:

* The Office of Personnel Management (OPM) should accelerate its review of the
use of SSNs, and take steps to eliminate, restrict or conceal their use, including
assignment of employee identification numbers where practicable.

* OPM should develop and issue policy guidance to the federal human capital
management community on the appropriate and inappropriate use of an employee's
SSN in employee records, including the appropriate way to restrict, conceal and/or
mask SSNs in employee records and human resource management information
systems.
* OMB should require all federal agencies to review their use of SSNs to determine
where such use can be eliminated, restricted or concealed in agency business
processes, systems and paper and electronic forms.

Developing Alternative Methods of “Authenticating” Identities-

Developing reliable methods of authenticating the identities of individuals, such as

“biometrics,” would make it more difficult for identity thieves to misuse existing
accounts or open new accounts using other individuals’ information. The Task Force
recommends that agencies gather together academics, industry experts and
entrepreneurs who are exploring ways to encourage greater development and use of
authentication systems, and hold a workshop or workshops focused on developing
and promoting improved means of authenticating the identities of individuals.

Improving Data Security in the Government-

To ensure that government agencies improve their data security programs, the Task
Force recommends that OMB and the Department of Homeland Security (DHS),
through the interagency effort already underway to identify ways to strengthen the
ability of all agencies to identify and defend against threats, correct vulnerabilities,
and manage risks: (a) outline best practices in the areas of automated tools, training,
processes, and standards that would enable agencies to improve their security and
privacy programs, and (b) develop a list of the top 10 or 20 “mistakes” to avoid in
order to protect government information.

Improving Agencies’ Ability to Respond to Data Breaches in the Government-

In order to allow agencies to quickly respond to any data breaches, including by

sharing information about those who may be affected with other agencies and
entities that can assist in the response to the breach, all federal agencies should
publish a “routine use” for their systems of records under the Privacy Act that
would allow for the disclosure of such information in the course of responding to a
breach of federal data.

Anyone wishing to ask a question about identity theft or to report identity theft may
call 1-877-ID-THEFT, or visit the FTC’s Web site, http://www.ftc.gov/idtheft, or
the Department of Justice’s Web site,
http://www.usdoj.gov/criminal/fraud/idtheft.html.

###

06-635