MEMBER SPOTLIGHT: Consumer Federation of America (CFA)

What Breached Entities Need to Know Before Choosing ID Theft Services for Victims

Rising Number of Data Breaches Increases Threat of Identity Fraud

The Consumer Federation of America, a MIFA Strategic Partner, and its Identity Theft Service Best Practices Working Group, which includes consumer advocates and identity theft service providers, have created a checklist, “My company’s had a data breach, now what? 7 questions to ask when considering identity theft services,” to help breached entities make decisions regarding ID theft services.

According to the Identity Theft Resource Center, there were more than 630 data breaches in the U.S. from January 1 through August 31 of this year, putting 2016 on track to exceed the total of 780 breaches that the group recorded in 2015 and millions of individuals at risk of identity fraud. When companies, organizations or government agencies experience a data breach that may have exposed people’s personal information, one of the many issues they must address is how to help those affected. Should they offer them identity theft services? If so, how should they choose the provider and what features should they look for?

Identity theft services may not be necessary for every breach, but if you’re going to offer this kind of service, it is important to make sure that that it provides the information and assistance that best fits the needs of the people who are impacted.— Susan Grant, Director of Consumer Protection and Privacy at CFA

Identity theft service providers offer a range of services which typically include alerting people about possible fraudulent use of their personal information, mitigating the damage, and/or helping them recover from identity theft. The features of the programs vary and can often be customized to fit particular breach situations.

The checklist explains the different kinds of monitoring and fraud resolution that may be offered. Whether identity theft services are needed and what features to look for depends on the types of personal information involved and other factors. If the breached entity is required under state or federal law to notify those affected, it should consider providing these services.

Click here for the checklist on identity protection services.

Click here to see what other MIFA Members and Partners are doing, as well as useful publications and other resources.