White Papers Regarding Red Flag Rules and Identity Theft:
Red Flag Rules FAQ — Deadline extended until August 1, 2009
May 2009
Harvard Risk Management Corporation
On October 31, 2007, a joint committee of the OCC, Federal Reserve Board, FDIC, OTS, NCUA and the Federal Trade Commission passed the final legislation for Section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), also known as the Identity Theft Red Flags and Notices of Address Discrepancy or "Red Flag Rules." The rules require all organizations subject to the legislation to develop and implement a formal, written and revisable "Identity Theft Prevention Program" (Program) to detect, prevent and mitigate identity theft. The original November 1, 2008 enforcement date for the Rule was previously postponed to May 1, 2009 and is now August 1, 2009. The FTC's most recent delay acknowledges the ongoing debate regarding whether Congress wrote the Red Flags provision too broadly and allows time for further consideration. The delay will also allow affected organizations more time to prepare and develop their compliance strategy.
Data Breach Incidents: Don't assume a breach has happened before an investigation has been done
August 2007
University Business
By Alan Brill and Jim Leonard
Summary: While reports of university network hacking are becoming more prevalent, the reality is not always what it seems. In the past year, a number of schools have determined that hacker-related incidents they thought had happened in fact had not. What follows is one such incident, a cautionary tale that ultimately saved untold time and expense.
http://www.universitybusiness.com/viewarticle.aspx?articleid=836
Botnets and Hackers and Spam (Oh, My!)
June 2007
OnGuard Online
Summary: Hackers and spammers find a way to invade computers secretly and hide software to get access to the information on your computer, including your email program. Once on your computer, they can spy on your Internet surfing, steal your personal information, and use your computer to send spam to other computers without your knowledge. Computers that are taken over this way are referred to as “botnets”. There are ways to help reduce your risk of becoming part of a bot, including limiting access into your computer. This article provides ways to help you secure your computer.
http://onguardonline.gov/docs/onguardonline_botnet.pdf
Recommended Practices on Notice of Security Breach Involving Personal Information
February 2007
California Office of Privacy Protection
Summary: Identity theft has been called the crime of the 21st century, favored, according to law enforcement, for its low risks and high rewards. Not only do identity theft victims have to spend money out of their pocket to clear up their records, but they also must devote their time to doing so. Precisely how most identity theft occurs and the role of information security breaches is not clear. One academic study found that in over half of the crimes, insiders in organizations were involved. This article outlines recommendations that can serve as guidelines for organizations, to assist them in providing timely and helpful information to individuals whose personal information has been compromised while in the organization’s care.
http://www.privacyprotection.ca.gov/recommendations/secbreach.pdf
Keeping Laptops from Getting Lost or Stolen
June 2007
OnGuard Online
Summary: You may have taken steps to secure the data on your laptop, but what about the laptop itself? A minor distraction is all it takes for your laptop to disappear. If it does, you may lose more than just an expensive piece of equipment. If your data protections are not quite secure enough, you could be subject to identity theft. OnGuard Online suggests tips to keep in mind when taking your laptop out and about.
http://onguardonline.gov/docs/onguardonline_laptopsecurity.pdf
Data Security Breaches: Context and Incident Summaries
January 29, 2007
CRS Report for Congress, CRS Web
Summary: Personal data security breaches are being reported with increasing regularity. During the past few years, there have been numerous examples of hackers breaking into corporate, government, academic, and personal computers and compromising computer systems or stealing personal data, as well as medical and student records. These breaches occur not only because of illegal or fraudulent attacks by computer hackers, but often because of careless business practices, such as lost or stolen laptop computers, or the inadvertent posting of personal data on public websites. A recent infamous example occurred in May 2006, when a Veterans Affairs data analyst took home a laptop computer containing personal data of 26.5 million veterans, which was later stolen in a burglary. This report catalogs the U.S. data breaches recorded between 2000 and 2007 in the following industries: financial services, education, healthcare, government and other business areas.
http://www.fas.org/sgp/crs/misc/RL33199.pdf
Identity Theft Task Force Announces Interim Recommendations
US Federal Trade Commission; September 19, 2006
WHITE PAPER: Recommendations for government policies and goals with respect to ID theft and data security breaches.
http://www.ftc.gov/opa/2006/09/idtheft.htm
Protecting Your Assets: The Impact of Security Violations in the Global Financial Services Industry
by EMC Corporation
WHITE PAPER: Posted: 31 Jul 2006 | Published: 01 Apr 2006
SUMMARY: This Financial Insights white paper, sponsored by EMC in June 2006, provides high-level insights on ensuring the security of financial services organizations.
http://www.bitpipe.com/detail/RES/1154349684_158.html
Data Breaches and ID Theft
Prepared by the Federal Trade Commission
June 16, 2005
Senate Committee on Commerce, Science, and Transportation
http://www.ftc.gov/os/2005/06/050616databreaches.pdf