<<< Date Index >>>     <<< Thread Index >>>

[IP] ChoicePoint to Pay $15M for Privacy Violations





Begin forwarded message:

From: Evan Korth <korth@xxxxxxxxxx>
Date: January 26, 2006 2:52:06 PM EST
To: Dave Farber <dave@xxxxxxxxxx>
Subject: ChoicePoint to Pay $15M for Privacy Violations


http://blogs.washingtonpost.com/securityfix/

Atlanta-based data aggregator ChoicePoint today agreed to pay $15 million to settle charges that it violated federal consumer protection laws when it allowed criminals to purchase sensitive financial and personal data on at least 163,000 Americans.

The settlement addresses a pair of lawsuits filed against ChoicePoint by the Federal Trade Commission and represents the largest civil penalty ever obtained by the agency.

Last February, ChoicePoint acknowledged that crooks had gained access to thousand of consumer records by posing as legitimate businesses. The FTC said the company violated the Federal Trade Commission Act, which prohibits unfair and deceptive business practices, as well as the Fair Credit Reporting Act, which requires companies that sell consumer credit reports to verify that those buying the information have a "permissible reason" for doing so.

Under the agreement, ChoicePoint will pay a $10 million civil fine and contribute $5 million to a fund that will be distributed to consumers directly affected by the incident. FTC Chairman Deborah Platt Majoras said the agency has identified at least 800 consumers who experienced identity fraud as a direct result of the ChoicePoint breach.

"Companies like ChoicePoint are realizing that it is a bad business practice to ignore the security of consumer data," Majoras said. The settlement, she said sends the message that companies that deal in consumer data "must guard the front door -- through procedures for verifying and identifying customers -- as well as guard the backdoor against hackers."

The settlement requires ChoicePoint to conduct physical site visits of new and existing customers; to conduct security risk assessments and audits with a designated third party every two years until 2026.

For background on the ChoicePoint case, read: "ChoicePoint Data Cache Became a Powder Keg: Identity Thief's Ability To Get Information Puts Heat on Firm" (Post, March 5, 2005), and "ChoicePoint Victims Have Work Ahead: Eternal Vigilance Is Price of Credit" (Post, Feb. 23, 2005).

See also ChoicePoint's consumer privacy Web site.

By Brian Krebs | Permalink* | Comments (0) | TrackBack (0)
Posted at 09:52 AM ET, 01/25/2006


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/