March 15, 2005 1:01 PM PST

ChoicePoint: We're sorry for data leak

The chairman of ChoicePoint, which disclosed the personal information of 145,000 Americans to identity thieves, publicly apologized on Tuesday for the data mishap.

ChoicePoint's Derek Smith, also the chief executive, told a congressional committee he wanted to offer an "apology on behalf of our company," which he said would help anyone who suffered identity fraud as a result. The data disclosure has led to 750 known cases of identity fraud so far.

The incident "has caused us to undergo some serious soul-searching," Smith said. ChoicePoint is a data warehouse that compiles electronic dossiers on Americans and sells them to insurance companies, other businesses and police agencies.

Smith's apology comes as Congress considers new laws in response to a series of security snafus involving not just ChoicePoint but also Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. A U.S. Senate committee held a hearing on the security of sensitive consumer information last week.

During Tuesday's hearing, two legislative approaches seemed to be the most popular: restricting the sale of Social Security numbers, and requiring companies to disclose to people when a serious security breach of their information takes place. Some states already are considering such security breach requirements, and California has enacted such a law.

Rep. Joe Barton, a Texas Republican who chairs the Energy and Commerce Committee, asked whether there was "any reason why we should not make it illegal to trade a person's Social Security number, and the data that goes with it, without their permission?"

Deborah Platt Majoras, who chairs the Federal Trade Commission, said she generally agreed with such a rule. The only exception, Majoras said, was perhaps when police or private investigators are "tracking down criminals."

But ChoicePoint's Smith said that he wasn't willing to agree that such a law would be wise.

"I'd have to better understand the definition of 'sale' and how it's done," Smith said in response to a question from Rep. Edward Markey, a Massachusetts Democrat. "There are certain circumstances where the sale of those numbers are in the consumer's best interests."

Kurt Sanford, CEO of LexisNexis, agreed: "I would not support a blanket ban on the sale of Social Security numbers."

6 comments

Join the conversation!
Add your comment
Don't want them to have my data
I'm not a privacy freak but I don't trust any of these bastards with data about me - especially passing around my SSN.
Posted by jm808 (12 comments )
Reply Link Flag
Don't want them to have my data
I'm not a privacy freak but I don't trust any of these bastards with data about me - especially passing around my SSN.
Posted by jm808 (12 comments )
Reply Link Flag
ChoicePoint Doesn't Think it Wise. Outrageous!
"Rep. Joe Barton, a Texas Republican who chairs the Energy and Commerce Committee, asked whether there was "any reason why we should not make it illegal to trade a person's Social Security number, and the data that goes with it, without their permission?"

Deborah Platt Majoras, who chairs the Federal Trade Commission, said she generally agreed with such a rule. The only exception, Majoras said, was perhaps when police or private investigators are "tracking down criminals."

But ChoicePoint's Smith said that he wasn't willing to agree that such a law would be wise. "

What!! ChoicePoint doesn't think it would be wise for me to have the ability to say who gets my data and who doesn't?

Congress, get this: it is OUR information, not ChoicePoints. The FTC Chair is correct, and I believe it needs to be made mandatory!
Posted by (274 comments )
Reply Link Flag
ChoicePoint Doesn't Think it Wise. Outrageous!
"Rep. Joe Barton, a Texas Republican who chairs the Energy and Commerce Committee, asked whether there was "any reason why we should not make it illegal to trade a person's Social Security number, and the data that goes with it, without their permission?"

Deborah Platt Majoras, who chairs the Federal Trade Commission, said she generally agreed with such a rule. The only exception, Majoras said, was perhaps when police or private investigators are "tracking down criminals."

But ChoicePoint's Smith said that he wasn't willing to agree that such a law would be wise. "

What!! ChoicePoint doesn't think it would be wise for me to have the ability to say who gets my data and who doesn't?

Congress, get this: it is OUR information, not ChoicePoints. The FTC Chair is correct, and I believe it needs to be made mandatory!
Posted by (274 comments )
Reply Link Flag
Thank You Derek!
I for one, would like to personally thank you Derek for being so willing to speak for me as a consumer. I am certainly willing to let other persons receive financial gain from selling my personal information. Thanks Derek, you are quite a hero in my book. And yes Derek, I accept your wholehearted apology.

I do have one question however. Can you further explain what "serious soul-searching" means for a company such as yours? I mean, does this include improving security measures, or just getting better lawyers to seek out loopholes and defend your company against liability? And as far as your response to Rep. Markey

"I'd have to better understand the definition of 'sale' and how it's done,"

What the hell does that mean? Don't you 'sell' data now? Didn't you 'sell' data to thieves posing as 'legitimate' businesses for more than 2 years? If you don't know what 'selling' data means, who does?

No need to reply Derek, as I am certain your statement would most likely begin with the now familiar "I'd have to better understand...".


Sarcastically Yours,

Joe Consumer
Posted by mooselite (3 comments )
Reply Link Flag
Thank You Derek!
I for one, would like to personally thank you Derek for being so willing to speak for me as a consumer. I am certainly willing to let other persons receive financial gain from selling my personal information. Thanks Derek, you are quite a hero in my book. And yes Derek, I accept your wholehearted apology.

I do have one question however. Can you further explain what "serious soul-searching" means for a company such as yours? I mean, does this include improving security measures, or just getting better lawyers to seek out loopholes and defend your company against liability? And as far as your response to Rep. Markey

"I'd have to better understand the definition of 'sale' and how it's done,"

What the hell does that mean? Don't you 'sell' data now? Didn't you 'sell' data to thieves posing as 'legitimate' businesses for more than 2 years? If you don't know what 'selling' data means, who does?

No need to reply Derek, as I am certain your statement would most likely begin with the now familiar "I'd have to better understand...".


Sarcastically Yours,

Joe Consumer
Posted by mooselite (3 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.