The Name Of The Game? Identity Theft

In the 12 months ending June 2003, approximately 7 million U.S. adults found themselves victims of identity theft, according to Gartner. That's an increase of nearly 80% over the 1.9% rate reported in February 2002. Even more serious, the research company estimates that thieves stand only a one in 700 chance of exposure or arrest, perhaps because the crime is often misclassified.

It isn't only individuals who are finding themselves unwitting victims of identity theft. In June, a fraudulent E-mail campaign targeted customers of Best Buy Co., baiting recipients to disclose Social Security and credit-card numbers. As the incident didn't directly involve the company's systems or its online operations, there was little the retail chain could have done to prevent the situation. Regulations such as California's Security Breach Notice Law and the Health Insurance Portability and Accountability Act affect the way companies handle customer information, but they have little effect on circumstances such as Best Buy's.

In spite of that situation, privacy management remains a top business concern. Implementing and supporting privacy strategies are increasingly becoming the responsibility of IT departments. That's evident in data from InformationWeek Research's priorities series, a quarterly survey of 300 business-technology executives. More than half of the executives surveyed about their companies' third-quarter objectives report that managing privacy involves their IT operations, as well as corporate policies and business processes. For all the challenges of building the necessary infrastructure to safeguard customer, client, and company information, it's sobering to know that vulnerabilities such as the one Best Buy experienced remain, and that surely will be the most troubling aspect for business-technology executives.

What's the biggest challenge facing your company in protecting its information against unauthorized access and use? Let us know at the address below.

Helen D'Antoni
Senior Editor, Research
[email protected]

GROWING CONCERN

Do your IT organization's priorities include managing privacy strategies?

No wonder IT professionals find themselves involved in the execution and support of privacy practices--and in increasing numbers. Who else owns the knowledge of system and data-store operations? Yet in June 2002, only 43% of 300 business-technology executives we surveyed reported that IT was involved in privacy initiatives. This year, the percentage swelled to more than half, and it will surely rise in the coming quarters as companies facilitate regulatory requirements and customers demand greater information protection.

WIDER REACH

Is managing privacy strategies an IT priority at your company?

Companies of all sizes are involving technology professionals in their privacy initiatives. In InformationWeek Research's Evolving IT Priorities: 3Q 2003 study, three in five companies with annual revenue of $1 billion or more report that the management of privacy strategies is an IT priority.

This is slightly more than the 52% of execs at small and 47% at midsize businesses. Regulations that once applied mainly to large companies, especially in financial services, are now trickling down to smaller businesses.

INDUSTRY MOTIVATION

Is managing privacy strategies a priority for your IT organization?

Involving IT in privacy practices is similar among companies of different sizes. That doesn't hold true across industries. After all, some market sectors don't have the glut of information that requires privacy protection, making privacy management less of a business concern. Only a third of the study's manufacturing sites report the management of privacy strategies as an IT responsibility. Meanwhile, more than half of the study's IT and services sites report the department's involvement.

BACKING ENCRYPTION

Is the implementation and support of encryption on your IT organization's planned-projects list?

Encryption is one protective strategy that IT professionals are implementing and supporting. Nearly 60% of large companies say the execution and support of encryption tools are on their IT divisions' planned-projects list in the third quarter of this year, compared with 56% of small and 50% of midsize businesses. Yet only small companies show an increase in use compared with last year, when 43% of companies with annual revenue of up to $100 million reported encryption as an IT objective.