It was 1998 and identity theft had not yet hit the radar screens as heavily as it would during the course of the next decade. Who could predict? So when I received a call from Albert J. Marcella, Jr. Professor of Management in the School of Business and Technology, Department of Management, at Webster University in St. Louis, who said he was putting together an “audit oriented” publication for The Institute of Internal Auditors to guide professionals who were becoming increasingly concerned about online identity theft, I naturally wondered what I could contribute to that effort.
So we spent a great deal of time collaborating about what we knew, speculated about what we did not know, and tried to put the work in context—specifically, guidance for corporate auditors and security management professionals on what they needed to know as sensitive, personally identifiable information migrated online. The result, of which my contribution played only a small part, was a book entitled www.STOPTHIEF.net, Protecting Your Identity on the Web, published in November 1999 by The Institute of Internal Auditors.
Identity theft, not a brand new crime even then, had a new face in our online, digital interconnected world. And, it was growing and pervasive, and its implications—if for no other reason than the sheer magnitude of the potential risks and the speed at which they would materialize on or through the Internet—were unprecedented and were becoming global.
I now know what I could not have known then—that more than 40 states have passed identity theft statutes and that the Privacy Rights Clearinghouse website, which takes pride in cataloging such things, estimates that as of a day or two ago, 263,247,398 records containing sensitive personal information were involved in security breaches in the United States since January 2005—six years after the publication became available.
To appreciate the foresight and to learn about those audit guidelines and benchmarks, you have to buy the book. But to read my personal piece of that collaborative effort—an end-piece summary of the legal implications entitled “Technology, the Internet and Cyberspace: Challenges to National and International Privacy“, you just have to read Legal Bytes.