Identity Theft -- Time for the industry to act

In the past few months, data has been compromised at numerous companies and universities, causing potential identity theft for thousands and possibly millions of individuals.

Unfortunately, these companies and organizations, as well as our Government seem not to really care about protecting this data or doing much about those who steal it. It's estimated that individuals who have their identity stolen face hundreds of hours trying to put things in order, including a back and forth game with law enforcement, credit card companies, and credit bureaus.

Here's what I think could be done to stem this tide.

1) Impose heavy penalties on identity theft. Prison time plus manditory restitution and penalties equal to or greater than the restitution.

2) Place restrictions on how companies can collect and share personal data. If they can do this for pharmacies, doctors, and hospitals, they can do this for agencies that handle data. Impose fines for those that fail to properly safeguard this information.

3) Devise software to spot telltale signs of potential identity theft on credit applications. Surely things like a name being spelled incorrectly, incomplete or inaccurate information on applications, or an address that is different than one that is currently on your file is a good way to spot this. If the software spots something potentially wrong, the credit should be flagged and an attempt to contact the individual should be made immediately at the existing address/phone number.

4) Require manditory reporting to government agencies ANY time the same social security number is given for two different names. I once had access to a database to investigate fraud where you would often find the same Social Security number tied to seven or eight people.

5) Credit companies should provide a free notification service for any changes to your credit report via e-mail.

I'm sure there are other ideas, but something must happen soon. Credit Bureaus, Banks, Colleges and other people who hold personal data must start holding themselves accountable before the government and/or lawsuits do.