By Eduard Goodman


Fly-by-night and unscrupulous identity theft service providers are to be expected in an industry with a lot of growth potential and countless victims. But they’ve always bothered me.

That’s why I was more than happy to participate in the working group that drafted the Consumer Federation of America’s Best Practices for Identity Theft Services. Setting basic standards is a win for the industry and a win for the consumer.

The Best Practices asks companies to clearly explain to consumers why their personal information is needed and how it will be used. It also recommends that they have readily available and transparent privacy policies. The section on privacy is reasonable and easy to understand. It does a good job of laying out basic expectations for providers.

Surprisingly, a number of companies have found that agreeing to follow these guidelines is problematic—mainly because of the privacy requirements. These businesses don’t value transparency of their practices for handling consumers’ personal information.

Now, I realize that the CFA document is not meant for nonprofits or government agencies. It’s intended for private companies who make money by helping people protect against, monitor and recover from identity fraud crimes.

This only drives home what a compelling business argument being pro-privacy makes in our industry. Not agreeing to the Best Practices because you can’t follow the privacy obligations is tantamount to a wind power or solar panel company saying it doesn’t believe in recycling. It’s counter to what the industry is all about. If you can’t be bothered to get your privacy house in order, good riddance.

FTC Chairman Jon Leibowitz said it best in his remarks for the Preliminary FTC Staff issued last December: “Some in industry support what we’re doing, but we know that others will claim we’re going too far. To those highly paid professional naysayers, I have only one question: What are you for? Because it can’t be the status quo on privacy.”

Eduard Goodman, Chief Privacy Officer,

An internationally trained attorney and privacy expert, Eduard has more than a decade of experience in privacy law, fraud and identity management. He is a member of the state bar of Arizona and served as the 2008-2009 section chair of the bar’s Internet, E-Commerce & Technology Law Practice Section.

Leave a Reply