Abstract

Discusses an organisation’s responsibilities to mitigate the opportunity for identity theft, which is the criminal act of assuming the identity of another person with the expectation of gain; it is becoming the most pervasive financial crime today and resulted in the estimated loss of $221 billion worldwide in 2003. Indicates the methods used to steal identities and some of the US laws applicable to identity theft. Goes on to the increasing tendency among victims of identity theft to seek redress from third parties, including employers and other record keepers, for failing to protect their personal information. Makes recommendations for organisations to reduce the risks involved: enhance manual controls by destroying outdated records and restricting files to authorised employees, establish employee controls, enhance computer system controls, and consider insurance as a risk management tool.