State agencies are the trusted stewards of Texans’ PII and need support
- Texas ranks fourth in the nation for highest incidence of identity theft complaints.
- The State of Texas is a vulnerable and high-value target: Texas holds hundreds of millions of records containing personally identifiable information (PII).
- Criminals target state agencies because of the massive amounts of personal data they hold.
- Fraudsters use synthetic identities (identities derived from PII from multiple individuals) or PII stolen in a data breach to gain access to benefits and services.
- People, policy, and technology solutions are urgently required (35 percent of identity theft is the result of an inside job).
- Employees gain unauthorized access to, and use, PII held by their employers.
State agencies are already using the Center for Identity as a resource
The Center is eager to educate and deliver solutions and resources to state agencies. Center assistance for state agencies has started and will grow. For example:
- TEA is discussing the sharing of privacy curriculum associated with the Center’s educational game, Beat the Thief.
- TWC is interested in collaborating and leveraging research to detect fraud.
- TRS has requested help with maintaining member privacy.
- HHSC seeks Center offering best practices for the protection of vital records, as well as new initiatives on the protection of PII and on vetting of employees and vendors with access to and management of PII.
- DIR asked the Center to serve on its Cybersecurity Workforce subcommittee to identify Texas’ staffing gaps in cybersecurity and identity management among state agencies.
- CPA educated employees using Center short courses for managers regarding the value of PII and privacy.
The Center for Identity is eager to work with state agencies to:
- Be proactive in preventing security breaches and fraud rather than simply responding after the fact.
- Understand the continually changing landscape and stay ahead of the hackers in terms of knowledge and training.
- Mitigate the risk of lawsuits; having employees trained in various critical areas may prevent or lessen the impact of a lawsuit should a data breach occur.
- Provide training to both PII handlers and their managers at state agencies to help improve organizational approach, processes, and culture pertaining to identity security. CID training will include general best practices, up-to-date threat forecasting and analysis, and concrete recommendations surrounding the collection, handling, storing, and disposal of sensitive data. This training can be delivered in the form of workshops with supporting printed materials, as well as flexible online/digital training modules.
- The Center is currently working on an extensive research-based project to provide PII/Data Security Scorecards for both public- and private-sector organizations. The scorecards will enable CID to assist an agency in identifying gaps in policies, practices and technology regarding identity management, security and privacy, and then offer recommendations and solutions to fill those gaps.
* Data from the Center Identity Threat Assessment and Prediction (ITAP) project.