What about at an individual level -- what do employees or consumers or online shoppers and others do to mitigate the risk of ID theft?

It's many of the very same things, but only on a smaller scale. Consumers and small businesses may store less confidential information than enterprises -- but that data is no less important.

So they too have to look at where they keep their information, and ask themselves, for instance: "Do I want to store my credit card information in a file on my computer? Do I want to have the browser remember my input information in the forms?

They should make sure they have anti-virus or their desktop or laptop, that they are using a firewall, careful that the types of information they give out online is not just their phone number -- but they are cautious about buying things online and using their credit card.

There are a lot of shady Web sites out there that look very professional. It's not that people should not shop online. But they should exercise a healthy dose of skepticism when they do that -- just as they would when shopping in the non-virtual world.