Privacy protections should be embedded into products and services.
Organizations (including private companies, nonprofits, and government entities) should clearly communicate:
Policymakers should conduct oversight on data brokers to ensure transparency and accountability. Data brokers should be required to register with a regulator.
Policymakers should protect against the misuse of data, including:
Policymakers and the private sector should ensure that organizations effectively protect against unauthorized access to or misuse of personal information.
Organizations must effectively inform consumers about how their personal information is secured and what actions will be taken in the event of a security breach.
Companies, government agencies, and individuals should protect the unauthorized use, display, collection, and sale of SSNs. Criminal and civil penalties for SSN misuse should be increased.
Federal policymakers should strengthen protections and enforcement against identity theft.
Policymakers should enact consumer protections and should eliminate deceptive practices. Mail solicitations should not appear to come from the government.
Public-benefit programs should ensure that families headed by grandparents and other caregiver relatives receive sufficient support for economic security and well-being.