Flexibility is Key in Keeping Up with ID Thieves

Many states are making the first forays toward protecting their citizens from the rapidly growing and ever-evolving crime of identity theft. But in Illinois, Attorney General Lisa Madigan is pioneering a new approach to the problem. Madigan is building progressive programs and laws that evolve in response to the hydra-like nature of identity theft.

For years, Illinois Attorney General Madigan recognized that identity theft was becoming a major issue in her state. Everybody did. On the TV news, in bars and at family gatherings, people were treating this once-obscure topic as the new hot-button issue.

“Everywhere you went, people were suddenly talking about identity theft,” says Steve Wrone, Madigan’s top advisor on consumer policy.

But solid numbers were difficult to find. Was Illinois actually facing an identity theft epidemic? Or was this just another media fad, a hot headline followed by smoke but little fire?

“Our whole point is to say that if you’re going to request a Social Security number, you’d better have a really good reason,” Wrone says.

To find out, Madigan created a hotline in 2006 dedicated entirely to identity theft complaints. The year before the hotline started, the Attorney General’s office received 327 tips about identity theft, representative of a common problem: people often don’t know to whom they should report the crime.

During the hotline’s first year, the number of complaints soared to 5,300; likely, the number was significantly higher if one could identify the number of cases that went unreported. For the first time ever, identity theft became the number-one category of consumer fraud in Illinois, outpacing traditional scams like predatory lending and bank fraud. “That is a striking jump,” Wrone says.

The hotline served as an informal poll, revealing which types of identity theft are most common. The largest share of the epidemic comes from credit card fraud, which prompted nearly 25% of complaints in 2006. Using pilfered personal information to open new credit accounts or plunder existing ones, thieves stole millions of dollars’ worth of consumer goods in the state last year, leaving victims’ credit ratings in shambles and merchants footing the majority of the bill.

The next most common type of complaint came from victims whose personal information had been used to create new phone, Internet and utility accounts in their names. In 14% of cases, Illinois residents said they discovered that they were liable for large utility bills only after the thieves stopped paying for the service.

What Madigan has done is to crack down on identity theft as one would build a house.

Though not large in volume, a surprising and new form of identity theft complaint involved collection agencies, Wrone says. In 3.8% of cases, residents said that bill collectors continued to threaten victims’ assets, incomes and credit ratings even after the companies were notified that the unpaid debts were actually caused by identity thieves.A deluge of identity theft complaints:

Article Resources:

  1. 2018 Top Credit Monitoring Service Plans
  2. FTC Identity Theft Reporting
  3. Your Identity Theft Rights


Along with the new hotline, Madigan added staff to help deal with identity theft complaints. Today, a total of six employees help Illinois residents resolve identity theft problems in Madigan’s offices around the state.

And still it is not enough. The workers are barely able to keep up with the deluge of calls, Wrone says. So as the Illinois state legislature begins its new session, and just in time for National Consumer Protection Week, Madigan plans to propose three new laws that would help citizens reduce their exposure to identity theft and minimize its consequences when it does occur.

New bills on the horizon:

One bill would create a new unit within the attorney general’s office dedicated exclusively to identity theft. The unit would serve a variety of functions, Wrone said. It would conduct public education programs to teach people how to protect private information and documents from identity thieves. It also would work with government agencies and private businesses to educate them on making their data systems more secure.  In the event of a data security breach, the unit would focus on victim counseling to help affected consumers rebuild their credit. It also would advise companies and government agencies on state and federal laws requiring breach notification to victims, and help them to protect themselves against future security failures.

The new unit also would include a number of Assistant Attorneys General, who have the power to prosecute if they discover companies breaking the law by leaving sensitive personal information unprotected. But bringing criminal charges will not be the group’s main function. “We want businesses to feel comfortable enough to ask us for help,” Wrone says. “Legitimate companies aren’t the problem here, because they want to maintain their customers’ trust."

“Our whole point is to say that if you’re going to request a Social Security number, you’d better have a really good reason,” Wrone says.

Attorney General Madigan hopes to crack down on businesses with separate pieces of legislation, also to be introduced during National Consumer Protection week. One law would ban companies from requesting individuals’ Social Security numbers unless the information is necessary for the transaction or is required by law. Several Illinois legislators are discussing similar legislation that would apply to state agencies. Both laws would change the way in which the debate over Social Security numbers is framed. Instead of individuals being forced to prove that institutions don’t need their private data, the onus would shift to the institutions to prove that such information is actually required.

Madigan’s other bill would require that collection agencies stop trying to collect debts from identity theft victims. Collections agents would be forced to expunge their records in cases where debts were accrued by thieves in the victim’s name, thus alleviating some of the strain victims suffer trying to repair their files after an incident.

The Madigan Model:

Madigan’s approach to identity theft gives us a valuable model that should be followed by other state and federal officials. A majority of states have implemented basic laws that require notification to potential victims of identity theft in the event of a large security breach by corporations or government agencies. However, many of these laws only require notification if the company and/or the government agency determines that the breach poses a real danger. (The federal government hasn’t even passed this most basic type of legislation.)

The problem with this once-and-forever approach is that identity theft is intertwined with technological change. As the technologies required to gather and disseminate vast amounts of private data develop and proliferate, so does the reach and sophistication of identity thieves. Thieves constantly invent new ways to steal identities, so we need laws that evolve along with the problem.

What Madigan has done is to crack down on identity theft as one would build a house. First she laid a foundation, gathering statistics to help her better understand the problem. With the laws she is proposing this year, she hopes to build the exterior walls of Illinois’ identity theft policy by formalizing some generally-accepted ideas of what corporations and government agencies should be allowed to do with private data, and what they should not.

Once this structure is laid out, individual laws targeting specific industries, such as collection agencies, can be implemented. With information continuing to flow in from the hotline and through friendly interactions with corporations and public agencies, Madigan can build her office’s expertise in identity theft, continually developing laws and programs that will help keep the thieves in check.  Privacy Policy | Legal Notices


About the Author