[IP] ChoicePoint to Pay $15M for Privacy Violations
Begin forwarded message:
From: Evan Korth <korth@xxxxxxxxxx>
Date: January 26, 2006 2:52:06 PM EST
To: Dave Farber <dave@xxxxxxxxxx>
Subject: ChoicePoint to Pay $15M for Privacy Violations
http://blogs.washingtonpost.com/securityfix/
Atlanta-based data aggregator ChoicePoint today agreed to pay $15
million to settle charges that it violated federal consumer
protection laws when it allowed criminals to purchase sensitive
financial and personal data on at least 163,000 Americans.
The settlement addresses a pair of lawsuits filed against ChoicePoint
by the Federal Trade Commission and represents the largest civil
penalty ever obtained by the agency.
Last February, ChoicePoint acknowledged that crooks had gained access
to thousand of consumer records by posing as legitimate businesses.
The FTC said the company violated the Federal Trade Commission Act,
which prohibits unfair and deceptive business practices, as well as
the Fair Credit Reporting Act, which requires companies that sell
consumer credit reports to verify that those buying the information
have a "permissible reason" for doing so.
Under the agreement, ChoicePoint will pay a $10 million civil fine
and contribute $5 million to a fund that will be distributed to
consumers directly affected by the incident. FTC Chairman Deborah
Platt Majoras said the agency has identified at least 800 consumers
who experienced identity fraud as a direct result of the ChoicePoint
breach.
"Companies like ChoicePoint are realizing that it is a bad business
practice to ignore the security of consumer data," Majoras said. The
settlement, she said sends the message that companies that deal in
consumer data "must guard the front door -- through procedures for
verifying and identifying customers -- as well as guard the backdoor
against hackers."
The settlement requires ChoicePoint to conduct physical site visits
of new and existing customers; to conduct security risk assessments
and audits with a designated third party every two years until 2026.
For background on the ChoicePoint case, read: "ChoicePoint Data Cache
Became a Powder Keg: Identity Thief's Ability To Get Information Puts
Heat on Firm" (Post, March 5, 2005), and "ChoicePoint Victims Have
Work Ahead: Eternal Vigilance Is Price of Credit" (Post, Feb. 23, 2005).
See also ChoicePoint's consumer privacy Web site.
By Brian Krebs | Permalink* | Comments (0) | TrackBack (0)
Posted at 09:52 AM ET, 01/25/2006
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/