Identity Theft Alert

by Harold Jacklin, Council Health & Safety Committee Chair

Identity Theft Prevention is Everyone's Responsibility!

During the Executive Board meeting held on September 13, 2003, concerns were raised with regard to identity theft within the Utah National Parks Council?s Scouting program. Two areas of identity theft were emphasized:

  1. Ascertaining that qualified persons are admitted to the Scouting program
  2. Destroying any records that might fall into the wrong hands

Interestingly, following the Executive Board meeting, as cleanup of the building was done, some papers were found in one of the garbage receptacles that contained some personal information. This information was of such a nature that it should have been shredded or burned.

Because of the serious nature of the problem of identity theft, it is imperative to reflect further upon the concerns of identity theft and call additional attention to the matter. The Scouting program in the Utah National Parks Council deserves the very best that we can provide.

As a volunteer for the 2002 Winter Olympics in Salt Lake City, I was assigned to the Olympic Village located at the University of Utah. The Olympic Village was the residence of the athletes during the Olympics. My major assignment was to check the athletes back into the village after their competition or after they had made a visit outside the village.

Those authorized to enter the village wore a special identification. The identification included the name of the individual, a special code which authorized entrance into the village, a picture of the individual, and a bar code. As a volunteer we were trained to inspect the special identification and determine whether the individual was authorized to enter the village.

On one occasion, a person approached me at one of the entrances to the Olympic Village. I looked at his credential which contained the appropriate information to allow him to enter the Village. I looked at the person eye to eye, and then looked at the credential again, specifically looking at the picture identification. In my mind I thought that the picture and the person carrying the credential did not match. I looked at the person again and noticed that he appeared a little nervous.

At this point, I quickly signaled to the Secret Service person located just behind me. He quickly came to my side and I said that the credential did not match with the person who was attempting to enter the Village. The Secret Service agent motioned for other law enforcement assistance and took custody of the person and the credential.

I was never informed of all of the details associated with this matter, except that the person was not allowed to enter the Village and was known by law enforcement personnel as one who would attempt identity theft. The last I saw of the individual, he was handcuffed, loaded into one of the police vans and taken to the law enforcement offices.

Often then, and since, I have reflected upon the potential harm that might have been encountered had that person been allowed to pass through the gate and gone on into the Olympic Village. Likewise, in the Scouting program of the Utah National Parks Council, the admittance of a leader into the life of a boy must carry the proper credential. I tend to liken the life of a boy to the Olympic Village and unauthorized individuals should never be allowed to enter.

We, in the Utah National Parks Council, are grateful to James Brown for his assistance in bringing to our attention the problem of identity theft. We must be careful in the selection of leaders and with information concerning the Scouting program. The protection of the youth and the integrity of the Scouting program must remain our foremost focus.

For the benefit of each one of us, the information concerning data security prepared by James Brown follows in its entirety.

The Problem

The crime of identity theft is on the rise. An estimated 500,000 or more persons fall victim each year. Using a variety of methods, criminals steal names, addresses, Social Security numbers, driver?s license numbers, and other pieces of individuals' identities such as date of birth. They use this information to impersonate their victims, spending as much money as they can in as short a time as possible before moving on to someone else?s name and identifying information.

There are two types of identity theft. Account takeover occurs when a thief acquires your existing credit account information and purchases products and services using either the actual credit card or simply the account number and expiration date. Application fraud is what some experts call ?true name fraud.? The thief uses your SSN and other identifying information to open new accounts in your name. Victims are not likely to learn of application fraud for some time because the monthly account statements are mailed to an address used by the imposter.

An official from MasterCard said that the dollar losses relating to identity fraud represented about 96 percent of its member banks? overall fraud losses of $407 million in 1997. Our Council maintains personal identity information on over 30,000 adults. If a thief managed to steal $100 per identity, that?s over $3 million!

How thieves get information:

  • They go through trash cans and dumptsers looking for straight cut or unshredded papers.
  • They steal your mail or your wallet.
  • They listen in on conversations you have in public.
  • They trick you into giving them the information over the telephone or by e-mail.
  • They buy the information either on the Internet or from someone who might have stolen it.
  • They steal it from an application form you filled out or from files at a hospital, bank, school or business that you deal with. They may have obtained it from dumpsters outside of such companies.
  • They get it from your computer, especially those without firewalls.
  • They may be a friend or relative or someone who works for you who has access to your information.

Some solutions:

Pay special attention to paper and electronic documentation, including printouts, with personal identity information:

  • Adult and youth BSA application forms - Name, address, SSN, DOB, and personal references.
  • Health forms - Health insurance ID numbers typically contain your SSN.
  • Employment applications - Name, address, SSN, DOB, references, and employment history.
  • Re-charter Documents - Name, address, phone, and DOB.
  • Merit Badge Counselor Lists - Name, address, phone, and DOB.

Think about the following list each time you deal with personal identity information:

  • Information acquisition - Do you actually need the information? Are you acquiring it in a safe manner?
  • Storage - What security measures have you placed around the facilities and systems storing personal data? It should be considered highly classified and not common access. Are filing cabinets locked? Do computers have frequently changed passwords? Are papers and printouts left in the open (on your desk, in your trash basket)?
  • Access - Who has access? Is it on a need-to-know basis and is access audited? Is there password control over systems? Did you do a background check on those who have access to personal information of employees and customers? Do temps have access to secure information?
  • Disposal - Are electronic and paper documents containing personal information rendered unreadable prior to disposal? What is in your trash can and dumpster?
  • Distribution - How do you handle information? Is your employee requiring a member of the public to repeat a SSN out loud where it can be overheard? Are you handing out lists with confidential information (i.e., recharter documents, merit badge counselor lists)? Are you copying or passing on documents with confidential information (applications, health forms, etc.) to those who do not have a need for this information?

Let each of us remember that information security is everyone?s responsibility. How would you feel if the next news story about identity theft focused on the Utah National Parks Council mishandling identity information or allowing an unauthorized person access to the youth? We deeply appreciate the extra effort provided by the Utah National Parks Council leadership and office staff for their diligent efforts in handling sensitive information. May each of us also be diligent in our various leadership roles and continue to build character, moral and spiritual values, citizenship, and physical development of the youth in the Utah National Parks Council.