Kroll Fraud Solutions Blog – A Dialogue on Data Security

There has been much discussion in the media recently about spear phishing. Far from being a consumer issue only, spear phishing has emerged recently as sort of an attack du jour, as this method has been recently linked to several data breaches.

According to the recently released IBM 2010 Trends and Risks report, “The single most common threat vector used over the past few years … is spear phishing where an object contains a link to a web page that contains malware. The delivery of this type of message to victims can occur through email, instant messaging, and social network sites.” This pertains to targeted attacks, where the hacker has targeted specific content or a specific company, not necessarily where a hacker is casting a wide net to pull in anything of value.

Experian, the consumer credit reporting agency, recently announced plans to begin offering more consumer data on its reports, in the form of rental histories. This comes after Experian’s acquisition of RentBureau, a company that collects consumer rental history. The plan, according to Experian, is to combine rental payment data as recorded by RentBureau with the credit data already collected by Experian, in order to provide a more “complete” picture of the consumer’s credit history and, quite possibly, help renters that pay on time boost their credit scores.

At last week’s IAPP Global Summit, we were excited to be among the attendees who are passionate about their professions and eager to learn what is new. Here are a few topics that made an appearance at this year’s event.

Putting Policy into Practice

Legislative compliance and privacy standards proved to be a top-of-mind concern for many attendees.

Heather Beeler, Product Manager of Kroll’s Fraud Solutions, observed “a general sense of urgency around putting privacy standards and regulations into practice across the board,” from government interests across the globe to the public and private business sector.

It’s my pleasure to post from the IAPP Privacy Summit in Washington DC today, which has also been the scene of today’s announcement by  the Consumer Federation of America (CFA) of its Best Practices for Identity Theft Services report that offers specific industry guidelines designed to protect consumers from misleading claims and promote responsible practices. All of us at Kroll are pleased to see the release of this work, which represents the culmination of some 18 months of effort by consumer advocates and service providers toward this common goal. You can download the complete report here.

When we mentioned the possibility of a federal breach notification law in our 2011 data security forecast, there was little room to elaborate on the Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework. This report was released in December 2010 by the Department of Commerce Internet Policy Task Force. One of the recommendations included in this report was that the government should take up the task of developing a federal security breach notification (SBN) law.