Senator Feinstein Introduces New Privacy Bill [more...]

Ingredients for Identity Theft Soup Found in Politicians' Cupboards [more...]

Aviation Security About to Change [more...]

Protecting Your Business Against Terrorism [more...]

Experts Reveal Pre-Employment Screening Tips [more...]

Gen-Xers Make Move [more...]

Computer Virus Attacks Increasingly Motivated by Money [more...]

So Goes Oklahoma, So Goes the Nation [more...]

On Tuesday, September 14, 2004 Senator Dianne Feinstein introduced S 2801, the Social Security Number Privacy and Identity Theft Prevention Act of 2004. This bill is an exact replica of Rep. Clay Shaw's HR 2971 that would eliminate the public's use of Social Security Numbers and credit headers. In her introductory remarks, Senator Feinstein said: "We have only three weeks until the end of this Congress to enact this legislation to prevent such thefts by protecting Social Security Numbers. If we do not pass this legislation now, we will have to wait yet again to give basic protection to information that should have been under lock and key long ago. It is time for us to act!"

We believe Senator Feinstein may be unaware of the significant opposition to Rep. Shaw's bill. Eliminating the public's use of SSNs and credit headers (which do not include consumer credit information) would be devastating to commerce and hamper the public's access to public record information. In her zeal to stop identity theft, she is inadvertently eliminating the very tools used by law enforcement and private industry to catch identity thieves. While we applaud the Senator's good intentions, she needs to hear from those that properly use SSNs and credit headers that her bill will tie the hands of the very people most able (and willing) to fight identity theft. Senator Feinstein may be reached by mail or telephone:

The Honorable Dianne Feinstein
United State Senate
Washington, DC 20510
202-228-3954

Provisions of U.S. Rep. E. Clay Shaw's Social Security Number and Identity Theft Prevention Act of 2004 and S 2801, its companion bill introduced by Senator Dianne Feinstein, would shut businesses off from the use of personal identifying information for legitimate purposes. In the name of identity theft protection, these privacy measures would eliminate civilian crime fighters' abilities to perform their professional duties, disrupt judicial processes and restrict other important business activities in the banking and insurance industries. However, Congress may not be aware that lurking within politicians' offices are all the ingredients needed for criminal abuse of their constituents' personal identifying information.

Political candidates frequently rely on voter registration data to advance and financially fortify their campaign efforts. For example, in the Commonwealth of Virginia (and other states), political candidates are allowed to obtain the following voter data: full name, residence/mailing address or both, gender, date of birth, date of registration, and voting history. In and of itself this information, while personal, is rather benign, with name and address information readily available from telephone directories, commercial mailing lists, or other public record resources. However, once indexed and matched to the signatures of voters collected on a petition during a political campaign, one has nearly all the ingredients necessary to perpetrate the crime of identity theft.

"Further add to the mix telephone or door-to-door campaign [soliciting] during which volunteers speak with voters gaining their trust and confidence, and one unscrupulous campaign worker who requests a social security number and mother's maiden name 'for the record.' A criminal now has the finishing ingredients for identity theft soup," says Deborah Aylward, a prominent private investigator in Virgina. Based on her professional experience with actual cases of identity theft, Aylward claims it is reasonable to think that this type of scenario could occur. According to Aylward, "There is no statutory requirement mandating the protection of voter registration information [including] donor financial information and signatures, or that persons working for political candidates be subject to criminal background [checks]." Aylward reminds voters, "Let's not forget the fact that anyone touting a voter registration form may obtain personal identifying information [from a citizen]. Voter registration information can be solicited and collected by anyone using a Web site, collected at places of employment, [or] by members of religious and civic organizations, just to name a few. The potential for criminal abuse of these records is enormous."

"It is abundantly clear that political candidates are the most voracious consumers of personal identifying data contained in voter registration information," says Aylward. She summarizes, "However, current privacy proposals [such as HR 2971 and S 2801] do not impose identity theft safeguards upon politicians [and their campaign activities]. It would seem that what's good for the goose is good for the gander. [We] suggest that Congress slow the rush to pass identity theft legislation until all adverse consequences are thoroughly understood, explored, debated and resolved."

Contributed by Deborah Aylward, 703-205-9692. Edited with permission.

The Aviation and Transportation Security Act (ATSA) mandated federalization of all airport security screening in November 2001. As a test, the ATSA allowed five airports to opt-out and use private screeners. The five airports, San Francisco International, Kansas City International, Rochester International, Jackson Hole, and Toledo (Ohio), all have a federal security director to oversee operations. A recent GAO survey suggests that despite better selection practices, better pay, more training, and improved technology, the Transportation Security Administration (TSA) screeners performed no better and possibly worse than private screeners. As of November 19, 2004, the ATSA statutorily allows airports to apply for opt-out status and again use private security. TSA officials would still manage private security operations but airport authorities could streamline their processes and realize big savings. In the meantime, TSA is developing performance standards to measure screener reliability and lay the groundwork for potential contractor replacements at airports currently staffed by TSA.

Source: Security Letter, 2004

The Department of Homeland Security has just launched a new Web site for small business owners offering information on how to set up programs for protecting workers and continuing operations in the event of a terror strike. The site, www.ready.gov, offers advice on what small businesses can do to protect workers in case of a nuclear, chemical or biological attack, and how to develop escape plans. It also offers disaster recovery and business continuity plans for small businesses.

For continuity of operations planning the site suggests:

• Carefully assess how your company functions, both internally and externally, to determine which staff, materials, procedures and equipment are absolutely necessary to keep the business operating.
• Review your business process flow chart if one exists.
• Identify operations critical to survival and recovery.
• Include emergency payroll, expedited financial decision-making and accounting systems to track and document costs in the event of a disaster.
• Establish procedures for succession of management. Include at least one person who is not at the company headquarters, if applicable.

Today, effective pre-employment screening is more important than ever, but screeners and HR professionals know that getting reliable information from prior employers and references has never been more difficult. We posed this dilemma to our team of experts and others in our industry. Here is what they suggested:

• Bypass HR departments when attempting to verify employment. Ask applicants to provide the names and telephone numbers of their prior supervisors and call them first. If those individuals are unable to provide all of the information sought, then call HR.
• Ask applicants seeking managerial or executive positions to provide copies of past performance reviews. Alternatively, ask for their written permission to obtain them directly from prior employers.
• If the applicant's most recent job would typically necessitate them having a business card, ask for one. It is not uncommon for eager applicants to sometimes exaggerate prior job titles and responsibilities. Be suspicious if the card provided looks homemade or has perforated edges.
• Ask those claiming prior military service to provide a copy of their discharge form, DD214. While most employers are not permitted to disqualify applicants for a less than honorable discharge, the DD214 will disclose all of the veteran's military schools and training, as well awards and commendations.
• Ask every applicant if they have ever obtained a protective order (or restraining order) or had one filed against them. If they answer yes, continue to question them in order to understand the circumstances and determine whether or not the applicant poses a potential risk to your organization or people.

Gen-Xers are starting to make their first moves into management. Ages 28-39, they bring a new vitality to many workplaces. Unlike boomers, they are often more practical and self-reliant. They readily accept new ideas, work hard, and resist micromanagement. They embrace technology and are suspicious of those that don't. Their downside: They are often blunt and to the point, something boomers say they like, but rarely tolerate. Many also lack discipline and resist conformity. Personal time can easily get in the way of meeting important deadlines and pleasing customers. Best advice: interview all candidates before hiring or promoting. Ask probing questions about professional goals, work ethic, and the ability to conform when necessary.

While hackers and virus-writers are portrayed as bored-but-crafty geeks, online attackers are frequently instead professional criminals bent on making fast money. According to a recent study by Symantec Corp., the giant software security maker, viruses are increasingly used to harvest passwords and personal and financial information. The information is then used to hijack the victim's identity and make unauthorized purchases, move or launder money, or steal personal assets. Others in the security industry agree. In addition to clogging networks, destroying data, and damaging critical communication systems, spam and viruses frequently contain codes that upload "key-loggers." These small and menacing programs record the victim's every keystroke, allowing the hacker to later access the victim's computer and copy files, change data and harvest personal information for criminal purposes. Increasingly, small companies are targeted because they are less likely to be well-defended. Similarly, hackers seek home computers and small non-profits. According to Symantec, while the U.S. is still the number one source of all attacks, its share fell from 58% to 37%. China holds second place, followed by Canada. Best advice: regularly update antivirus software and periodically check system firewalls.

Workplace fatalities rose nine percent in Oklahoma in 2003, with the transportation and public utilities sector again holding the highest numbers among industries, according to the state's Labor Department. In 2003, 100 Oklahomans died on the job, up from 92 in 2002. Across all industries, transportation accidents accounted for approximately half of all workplace fatalities. The figures exclude those who lost their lives while commuting.

"Sadly, many of those deaths were preventable," state Labor Commissioner Brenda Reneau Wynn said. "While mobile workplaces like transportation and construction present unusual obstacles, employers and employees can work together to effectively eliminate most on-the-job hazards."

Also in 2003, sixteen Oklahomans died from workplace violence, including 10 homicides and three suicides. "The sixteen deaths resulting from violence was double the eight such deaths recorded in 2002," Wynn said. "If not for the increase in this category, fatal occupational injuries in Oklahoma would have remained unchanged from 2002."

According to the Bureau of Labor Statistics, nationally 5,559 workers died on the job in 2003, only a small increase over the 5,534 who died in 2002. Again, construction workers suffered the most fatalities with 1,126 deaths, followed by transportation and warehouse workers with 805 deaths. Across all industries, fatal highway accidents accounted for 1,350 deaths, or about one in four of all workplace fatalities.

Source: The Daily Oklahoman, 2004