THE BLOG

Washington Must Focus on Online Data Security

09/13/2013 06:26 pm ET | Updated Nov 13, 2013

Over the long Labor Day holiday weekend, yet another article ran in a local newspaper about another massive data breach that has left the most personal information of millions of Americans once again at risk. This time it was 4 million health records for patients with a physicians' group in Illinois.

It seems like these stories appear so often we are numb to them. It's so bad there is a "Hall of Shame" website kept by the U.S. Department of Health and Human Services for data breaches of personal health and medical information. Of course, bank and credit card information, rather than health records, remains the real prize for identity thieves.

Safeguarding our citizens online must become a higher priority for the regulators and policymakers charged with protecting consumers. It is time that we finally confront the long-standing and growing data security crisis in this country. Strong data security should be a paramount concern for every consumer, regulator and company as we continue to nurture a dynamic Internet economy.The Internet has become a fertile ground for hackers, identity thieves and other fraudsters who exploit consumers in ever greater numbers.

A check of the statistics is staggering. Last year saw records broken both for personal identity theft and corporate data breaches. In 2012, 2,644 data breach incidents were reported by businesses, schools, governments and other organizations, more than doubling 2011's total. Last year there were 12.6 million victims of identity theft with more than $20.9 billion stolen -- that's one-and-a-half times the government's annual budget for NASA. Just last month, a hacker appeared in court for allegedly stealing 160 million credit cards, costing the affected companies more than $300 million.

With figures like that, it's hardly surprising that identity theft has been the top consumer complaint to the Federal Trade Commission for 13 years running. Researchers at UC Berkeley found that from 2004-2008, the FTC received 200 times more complaints about identity theft than about general privacy issues. Yet as identity theft has remained the number one concern of consumers, it hasn't necessarily been the number one focus of the FTC.

Consumers are urgently asking for help safeguarding their data online. Complaints of identity theft grow every year with no end in sight. Last year an identity theft occurred every 3 seconds.

These thefts aren't trivial, either: take, for example, the story of Dave Crouse, who saw fraudsters use his identity to rack up $900,000 in charges, steal his social security number and destroy his credit rating. "It ruined me financially and emotionally," said Crouse of the experience. Ask anyone who's ever been in that position, and he or she will tell you how helpless it made them feel -- families can lose thousands of dollars, see their credit ratings ruined and their reputations tarnished.

Arresting this discouraging trend will take a concerted effort on the part of regulators, businesses and consumers. The Federal Trade Commission needs to play a leadership role in this serious issue. The nation's premier consumer protection agency has tools at it's disposal to help educate consumers and companies about how to better protect themselves and our data. They should convene the best minds together to advise them on these issues, work more closely with the nations where most data theft originates, and aggressively go after the thieves.

Companies, meanwhile, need to focus on developing 21st century safeguards for outsmarting would-be thieves. And consumers should take greater advantage of all the tools provided to them to protect their data -- tools like two-step log-in authentication and guidelines for strong, secure passwords.

There are many complex issues related to online data and cybersecurity. The complexity of dealing with all of these aspects ought not prevent focusing on the parts where we can make meaningful progress.

A comprehensive approach to online data security won't be easy. Any solution will require buy-in from everyone: government regulators, businesses and users alike. But, in this Internet era that has brought incredible advances along with new threats, we must work together to ensure that an ecosystem of innovation and growth is not hijacked by online predators, scammers and identity thieves.