Identity Theft Articles

Despite Laws, Large Number of Data Breaches Continue To Go Unreported

The number of data breaches that go unreported is unsettling to many consumer groups

The vulnerability of personal, business and government databases remains a cause of concern for lawmakers who are seeing an increased number of data breaches. The risk increases both as more sensitive information is transferred or stored online and many systems do not enforce proper security measures. Reporting a data breach is of the utmost importance because it allows officials to notify those whose personal information may be compromised. Reporting a breach also gives system owners the opportunity to find the vulnerability and correct it. However, a new report reveals that a large number of institutions are still failing to report data breaches.

According to data from the Identity Theft Resource Center, 341 data breaches were recorded during the first six months of 2010. However, the ITRC also reported that they did not receive information for hundreds of breaches for a number of reasons. For example, current laws mandate that medical breaches involving more than 500 patients be reported to the Department of Health and Human Services. However a large number were not reported because the HHS allows for a "risk of harm" threshold, which provides a loophole in reporting. The loophole allows organizations to determine if the breach has caused sufficient financial or reputational harm to an individual, InformationWeek reports. If the group decides it has not, they will not be forced to report the breach.

Some states are also protected from making a breach public through the use of a "protected breach list," which generally only allows consumers to view the details by exercising the Freedom on Information Act.

According to data from the ITRC, 46 percent of breaches do not display how many records were compromised and 38 percent of public breaches do not disclose how the vulnerability occurred.

Consumers should protect their online information by ensuring that all their security and virus software is updated. In the event of a data breach from a business or government system, victims are usually signed up for a credit monitoring service at no charge. Victims should also obtain a copy of their credit report to examine for any suspicious activity. Because medical-related data breaches can expose medical and insurance information, consumers at risk should obtain a copy of any insurance claims made throughout the year to make sure they are all legitimate.