In corporate identity management I've been a long advocate of permanent identifiers for staff and clients. When Bob Jonkman has left the Example.net company, the id bjonkman@example.net should be permanently blocked from use, so that when Bill Jonkman joins the company he doesn't receive or use the bjonkman@example.net ID. Sadly, the perception of "wasted storage" and "additional maintenance" for these now-invalid IDs seems to sway corporate policy, and several organizations I've worked for do re-use old IDs from previous employees. I don't know if that's ever resulted in identity theft, or even identity confusion (mis-directed mail), but the possibility exists. I guess the risk wasn't considered high enough to budget for all that "wasted storage" and "additional maintenance".