Identity Security.
Never make photo-copies of IDs.
A lot of identity theft comes from hard drives on Copy Machines, which the asshats in government never wipe before selling their old machines to 3rd parties. Get a wallet-sized Fresnel Lense and some clear adhesive. Attach the lense to your ID's, and a copy machine won't be able to copy them (most of the time). If someone needs a copy of your IDs (and you are willing to allow them to retain one), make the copy before hand at home, don't use their copy machines. Consider using security paper for your copy to make sure the copy isn't duplicated after you hand it over.
Hospital Paperwork.
They need your insurance number and medical history, and that's it. They will ask for a lot more, and the staff usually doesn't know what's relevant or not, often insisting that all their paperwork be filled out. They can't deny you treatment for a partial form. Just say "I don't know" when they press you for more info. Don't give them information that isn't medically relevant. Hospitals are by far the worst secured data centers. Information needs to be available to Doctors, Nursing Staff, Billing people (three vocations that score extremely low on technical aptitude assessments). A lot of data is visible to temp hires, which is where a lot of fraud data collection comes from. While hospitals have good InfoSec people, they are usually understaffed, under funded, and supporting thousands of users who's password is "123456"... not the people you want to trust with your information.
Turn off Java and Flash
There is no need for any legitimate website to be using these today. They are inherently insecure, and open you up to XSS attacks. If you have a spouse who needs them for Facebook games, get a divorce. Kids... adoption. The low-tech security threats in your own home, educate them or rid yourself of them, lol. I'm serious here, when it comes to computers, you can do everything right, but if you have another user on the computer who doesn't, you might as well have no security at all. 1 person, 1 computer. No sharing computers... these days that's about as socially acceptable as sharing underwear, it's just weird.
File Early.
For personal income tax, Consider Feb. 1 your deadline, not April 15.
Death...
If a spouse dies, get something like LifeLock for the next 5 years. Dead people have a way of filing for a lot of tax returns, it's almost a certainty someone will use their info to file in the next few years as nobody really secures their ID. They just busted a coroner in Louisiana making copies of the contents of incoming wallets.. literally pickpocketing the dead for their IDs. This is an extremely common occurrence amongst hospice care workers as well.
Use an RFID shielded wallet.
Avoid large tax preparation services like H&R block. They hire a lot of seasonal temps. Many are legitimate professionals, some are crackheads. It's just a reality, you don't need to be an experienced professional to work for these places. File yourself or use a small local business that's been around for a few years and doesn't hire seasonal workers.
Incarceration, Parole, Probation for any federal crime post 2005... if any of these things apply to you or anyone you know, you'll (they'll) probably be fighting with Identity Theft for the remainder of your life. Everything needed to falsify a tax return is available through public records related to any prior conviction in several states. Identity thieves do mass collection of this data. If the records are available in one of these states, they're already compromised.
Reality:
You cannot "protect yourself" from Identity theft. Even if you do everything correctly, you are dependant on some systems which will not be good stewards of your personal information. At some point, you have gone, or will go to a hospital, and that's game over for security. The DMV, most Banks, The IRS themselves... Social Security Services, Medicare, Medicaid, Healthcare exchanges, public or private schools, including colleges and trade schools. All of these places absolutely suck at protecting your information, and it's difficult to avoid them all. Even if you do avoid them, data is still leaked through Friends and Family members which can be used to commit fraud in your name. You'd have to be hard-core off-grid to find any real security. Living as a hermit, squatting on someone else's land, and not interacting with people. Unless you identity is rendered functionally meaningless in your life, you are vulnerable.
For the past few years, police agencies have boasted about the declining rates of mugging and armed robbery. This is why. It's not that there are fewer criminals, or we've been more effective at catching them. Why would they risk a violent altercation for the $30 in your pocket, or the $200 in a cash register when they can sit back and steal thousands from hundreds of people at once, never showing their face to anyone, from thousands of miles away. Lower risk, higher reward, and it's damn hard to catch these people.
LifeLock is expensive, and it's a pain in the ass (worse than an auto-insurance company in terms of filing a claim), but they can help with the cleanup after your Identity is stolen. Their track record for prevention kinda sucks, mostly because the theft is predicated on mistakes made by you or the businesses and government institutions you deal with, which are entirely out of their control. But at the end of the day, they can help pick up the pieces a bit faster. Ignore the advertising, they cannot protect you. They can however expedite recovery after the fact. You can get better deals with them through third parties like AARP (which I don't recommend, they're basically a communist organization... look where they spend their money. Makes you wonder how many people would betray their country if Al Qaeda offered a 65 and over Denny's discount, lol... but I'm getting off topic), AOL (yeah... I know, lol. They do have some good services, just nothing Internet related) and others. Some banks even secure group rates for members. If you get it bundled with another service you actually use, it can be a lot cheaper. They were offering a credit card. Instead of "Cash Back" rewards, it basically comes bundled with LifeLock and the incentive value pays the subscription. Not sure if the protection was just for that one card or for all of them. Don't know if it ever left their test market either, but it might be worth a Google search.
Monitoring your own credit is good as an early warning to you. You will know much sooner that you have been F***ed, but it won't really keep you from getting F***ed.
There simply isn't an elegant solution or effective defense right now. Do what you can to be safe, and hope for the best. There really isn't a lot of good news on this front as our Credit, Banking and Tax systems just haven't kept pace with the criminals and show no signs of catching up any time soon.
If you want to be safe, change your name legally to ";" (yes, a semi-colon). You'll be doing paper filing for the rest of your life (if that even remains an option), but a would-be Identity Thief wouldn't be able to enter your name in any online form as it would be Regex'ed out (a security filter that prevents some character from being submitted to help prevent injection attacks on the site). That's enough to screw with the IRS and Banks too, so you'll never see a refund, lol. The cure will be worse than the disease, but at least this will let you make a stand on principal, lol.