You can almost hear the maniacal laughter. By some measures, one in five Americans has been hit. Another common statistic is that 10 million people fall victim every year. Making matters even scarier, new laws in California and other states have forced companies to essentially tell all U.S. consumers when their personal data have been compromised–even if the files have not actually been maliciously used. In response, Congress is considering bills to restrict the flow of personal information. And identity theft monitoring services have sprung up that can cost consumers well over $100 a year. But while it’s certainly important to be vigilant against this potentially devastating crime, it also appears identity theft is too broadly defined and often misunderstood. As a result, some experts say, lawmakers and companies might be misdirecting their anti-fraud energies. Overly fearful consumers could be unecessarily avoiding doing business on the Web.