Privacy Rights Clearinghouse
Submitted by the Privacy Rights Clearinghouse on Dec. 19, 2005
Federal Trade Commission
Office of the Secretary, Room H-159 (Annex H)
600 Pennsylvania Avenue, N.W.
Washington, D.C. 20580
Filed electronically: https://secure.commentworks.com/ftcIDTheftSurvey 
Filed by FAX with OMB (202) 395-6974
RE: FTC File No. P034303 -- ID Theft Survey
Dear Mr. Secretary:
The Privacy Rights Clearinghouse (PRC) appreciates the opportunity to comment on the Federal Trade Commission's (FTC or Commission) follow-up to the 2003 survey. Our comments focus on suggestions for improving upcoming surveys.
The PRC is a nonprofit consumer education and advocacy organization based in San Diego, CA, and established in 1992. It advises consumers on a variety of informational privacy issues, including financial privacy, medical privacy, and identity theft through a series of fact sheets as well as individual counseling available via telephone and e-mail. It represents consumers' interests in legislative and regulatory proceedings on the state and federal levels. www.privacyrights.org 
Since 1992 the PRC has counseled thousands of identity theft victims. Today, with approximately 120,000 unique visitors to the PRC web site each month, identity theft remains the number one reason consumers contact us. From our experience, identity theft has not declined. Instead, public awareness has increased reporting.
The Commission's 2003 survey found approximately 10 million identify theft victims in the prior year. Before the 2003 survey was released, annual victims were estimated at between half to three quarters of a million per year. These earlier estimates, everyone with any knowledge agree, grossly underestimated the scale and impact of this crime. The 2003 survey sounded a wake-up call. Still, we are not convinced that a complete picture of identity theft is known.
The Commission's proposal to conduct subsequent surveys every two years is a needed step in the right direction. Periodic surveys are necessary to assess the changing face of identity theft as well as more accurate counts of actual victims. For the coming survey, the Commission proposes to use questions similar to those used in the 2003 survey. In specific comments below, we recommend expansion of some questions and the addition of a few new questions.
Fraud unreported. A most telling - but not surprising - finding of the 2003 survey illustrates the degree to which identity theft goes unreported. Responding to survey questions, only 25% of those surveyed reported the crime to the local police. Only 22% of respondents reported the crime to the credit bureaus.
These findings warrant further investigation in coming surveys. We suggest a simple follow-up question about why the victim did not file a police report or contact a credit bureau. There may be different explanations for not reporting the crime. A most troubling response would be that the victim did not know about the right to file a fraud alert or the need to file a police report.
Further investigation may reveal a lack of knowledge by low-income individuals, the group found in the 2003 survey to have a higher instance of identity theft. Several studies by the Consumer Federation of America identified low-income individuals as having low understanding of the credit industry. Victims of modest means can least afford economic loss caused by identity theft. (www.consumerfed.org/pdfs/Providian_Press_Release_9_05.pdf )
Public awareness is necessary if victims are to exercise fundamental rights such as placing a fraud alert or obtaining account applications or other documents used to commit the fraud. A police report and fraud alert are also necessary to stop future instances. A finding of inadequate knowledge would indicate the need for more consumer education about the steps to take when identity theft strikes.
Victim knew who misused information. Only a little over half the victims surveyed in 2003 knew how their identity was stolen. Of that number, 26% of victims knew who had misused their identity. Industry is quick to point out that most people are victimized by people they know, usually family members or friends.
Consumer advocates have long held that lax business practices play a significant role in identity theft and that the family/friends connection, although nontrivial, has been misinterpreted. In the 2005 update to the earlier FTC survey, Javelin/BBB found that of those who know who perpetrated the crime ñ 26% of those surveyed ñ half reported that it was someone they knew such as a family member or roommate. This means that 13% of those surveyed, or about one in eight, were victimized by those close to them. (Javelin Strategy & Research, 2005 Identity Fraud Survey Report , Jan. 2005, p. 24)
We recommend that such questions remain on the survey. It's important in our overall understanding of the crime and its evolution to know as much as we can about the connection, if any, between the perpetrator and the victim.
It would be useful to learn more about identity theft that emanates from the workplace. Nearly one quarter (23%) of the 26% of victims who knew the identity of the thief said ìÖthe person responsible was someone who worked at a company or financial institution that had access to the victim's personal information.î (2003 survey, page 29) Future surveys should explore what, if any, measures the business took to assist victims.
Victim participation in legal process. It is often said that identity theft is the perfect crime. The rewards are high, and the risk of getting caught is slim to none. If caught, the thief may get off with a ìslap on the wrist.î Although enforcement efforts have increased in recent years, general perceptions among many in industry and law enforcement persist that the credit card company or bank is the ìvictim.î This is not only very discouraging for individual victims, but is simply not true.
The last survey asked about victims' satisfaction after contacting law enforce. The survey found a ìsubstantial percentageî of victims were very dissatisfied. The reasons for this should be further explored in future surveys. Questions such as whether the victim received information or updates about the progress of the investigation may offer needed insight into the high rate of dissatisfaction.
Respondents should also be asked whether they were informed that the thief was caught or if they participated in the legal process by testifying or providing a sworn statement. Further, victims should be asked if they requested and received restitution. Individuals who expend considerable time and money dealing with identity theft are likely to experience less frustration if they are part of the legal process.
In short, coming surveys should examine why so few victims (25%) file a law enforcement report. The Commission can then review ways to encourage victims to file a police report or identity theft report. Many new laws have been passed to address the crime of identity theft. However, these laws can only be effective if crimes are reported.
A new question about security breach notices. This year more than 100 data breaches have been reported, and millions of consumers have received security breach notices. Nearly half of the states have now enacted security breach notice laws, and Congress is considering several bills that contain notice provisions. The FTC should add a question asking if the individual has received a security breach notice, with a follow-up question on what preventive steps the individual then took.
Phishing and other forms on online-related fraud. Phishing has exploded as an issue since the 2003 survey was conducted. The FTC should add a question, or fine-tune existing questions, to inquire if the individual became a victim through a phishing scheme.
The response of the marketplace to identity theft. A variety of companies have introduced products and services related to identity theft in the past two years. It would be instructive to know if individuals have obtained credit monitoring services and identity theft insurance recently. Follow-up questions could explore the cost of the services, the individual's level of satisfaction, and related matters.
Again, we appreciate the opportunity to comment. We favor the Commission's continuing efforts to survey identity theft victims.
Beth Givens, Director
Tena Friery, Research Director
Privacy Rights Clearinghouse
3100 5 th Ave., Suite B
San Diego, CA 92103