by Doug Pollack
Our ID Experts blog is moving to a new home. Please check out the latest in identity theft and data breach news, advice and other happenings at our new address www.blog.idexperts.corp.com.
We are also sponsoring a new, informational data breach news site providing articles and news events specifically focused on data breaches. Please visit often or subscribe to this site at www.databreachwatch.org.
Both sites will continue to provide you with current and helpful information in the areas of identity theft and data breaches.
Tuesday, April 29, 2008
Moving ...
Thursday, April 3, 2008
Independent Risk Analysis Presented at FOSE Conference April 1, 2008
by Rick Kam
April 3, 2008
This conference is one of the largest IT conferences for public agencies with attendance approaching 20,000 professionals. Leading educators and technology solution providers focused on security, privacy, and "green" IT solutions.
Keynote speakers from Google, Sun Microsystems and others talked about the future of computing and how public agency IT professionals can create a more productive and secure computing environment.
I presented for ID Experts on the topic of how an "Independent Risk Analysis" provides public agencies a more effective solution to mitigate risk when they have a data breach (i.e. when the best security measures fail, what next). Highlights from my presentation included:
1. The requirements that prompted congress to enact public law requiring independent risk analysis
2. When an agency would implement an independent risk analysis
3. What are the benefits of doing an independent risk analysis
4. How to initiate an independent risk analysis
5. How to be better prepared before an agency has a breach
ID Experts was one of two companies awarded a government contract to provide Independent Risk Analysis to public agencies in the U.S. This was a great opportunity for us to explain to public agencies how our solution helps them assess and certify the level of risk for an affected breach population and develop an effective risk mitigation plan.
Posted by Rick Kam at 5:30 PM 2 comments
Labels: data breach, FOSE, identity theft, Independent Risk Analysis, operational risk
Tuesday, April 1, 2008
LifeLock Class Action Lawsuits
by Doug Pollack
This past week, there were two class action lawsuits filed against LifeLock, one in its home state of Arizona and one in New Jersey. Following on a recent lawsuit filed against LifeLock by Experian, one of three US credit bureaus, these class action lawsuits also assert that LifeLock is engaged in deceptive advertising relative to the level of protection provided by their service against identity theft. The LifeLock offering depends almost entirely upon the placement of perpetual fraud alerts as the means for protecting their subscribers from identity theft.
As noted by David Paris, an attorney involved in this matter, in an article on the CNBC website titled "N.J. Class Action Lawsuit Filed Against LifeLock Alleging Deceptive Marketing Regarding Limited Level of Protection Against Identity Theft":
" 'While fraud alerts may be effective in limited instances, they certainly cannot provide the comprehensive identity protection that LifeLock deceptively advertises,' said Paris. 'For instance, fraud alerts cannot stop the use of existing account numbers, and contrary to LifeLock's advertisements, lenders are certainly not required to contact the subscriber before extending credit to a potential identity thief.' "
The article and comments from Mr. Paris also address the alleged deceptive nature a severe limitations on the highly publicized $1MM LifeLock Guarantee:
"According to the Complaint, LifeLock also misleads subscribers by advertising its $1 million service guarantee. 'Potential LifeLock subscribers are enticed by the 'safety net' of what appears to be a one-million dollar insurance policy against any losses sustained as a result of identity theft,' said Paris. 'In actuality, once you get beyond the limitations and disclaimers, you find that the guarantee is limited to fixing failures in LifeLock's services and paying third-parties to attempt to restore subscriber losses.' "
Hopefully these lawsuits will help bring visibility and clarity to consumers as to the differences in identity theft protection services. Most services, including those provided by the company that sponsors this blog, ID Experts, do not rely on fraud alerts as a primary or sole means of protection, nor do they make questionable or misleading large dollar guarantees. It is unfortunate that brash marketing tactics have made it difficult for consumers to make an informed product decision based on the facts related to differences in these services.