When you break the numbers down by metropolitan statistical area (MSA), Florida's quandary grows even worse. In 2012, it was home to nine of the top 10 MSAs in America with the highest rates of identity theft complaints. No state has ever dominated that list so completely.
That's not a trend. It's an epidemic of epic proportions. And nearly three-quarters of all identities stolen in Florida were used to commit government documents or benefits fraud. That category includes a broad sweep of crime, including stolen tax refunds, stolen government benefits, and stolen or invented government-issued IDs, which enabled imposters to gain employment.
Based on the FTC's report, it's impossible to fully explain this sudden surge in Florida's overwhelming exposure to government documents fraud. Are countless undocumented workers using stolen IDs to apply for jobs? Are retirees suddenly re-entering the workforce in droves and applying for refunds? Has a crime syndicate discovered the next best thing? Your guess is as good as mine.
Given the inevitability of victimization, the only way to protect yourself is to prepare for identity theft in the same way you would death, taxes and the sequestration. Identity theft has become a rite of passage. It's one of the true certainties of life nowadays. Your identity will be stolen. Your employer will be hacked. Your organization will experience some form of database compromise that will put its reputation, customers and employees at risk.
If you are a consumer, you must minimize your risk of exposure, do whatever is necessary to detect victimization (and your credit score, if you check it regularly, can be an initial indicator that something's gone horribly wrong) and put a damage control program in place.
The same goes for institutions. If you gather Personally Identifying Information (PII) on consumers, taxpayers or clients, someday you will lose it, either through a malicious hack or due to human error. To better protect your organization: encrypt the data you collect and store, install the latest security software (and frequently update it), lock down your physical security, restrict computer access to only those who need it, continuously train and test your employees and rigorously screen all job applicants. (Note to HR departments: Don't demand Facebook user ID and password information. There's ultimately no upside to it and you could put yourself in the crosshairs of a regulator or class-action attorney.) Also, demand all of the above of your vendors.
Final note: When (not if) your systems are breached, you'll need to know the rules for breach notification in all the states where you operate (a word of warning: no two states are necessarily the same) and implement a breach response program. Notifying your victims will take money, and so will the lawyers you'll need to defend the organization from increasingly likely legal action. Have you secured the proper insurance coverage? Do you have a contingency for this in your annual budget? Failure to do this might well represent a violation of your fiduciary duty to customers, employees, partners and investors and ensure a major strike against you when regulators come knocking at your door.
Here's the reality, and this is not a simple scare tactic: At some point an identity thief is going to get you. When your identity is stolen or your organization is compromised, it's vital that you are ready for it. The time to prepare is now. Actually, it was yesterday.
Adam Levin is chairman and cofounder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.