March 4, 2005 9:12 AM PST

ChoicePoint faces inquiry, will curtail data sales

Facing an SEC inquiry over its business practices, ChoicePoint says it will exit some parts of the personal data business and sell information only in situations where specific criteria are met.

The inquiry and the planned business changes, announced Friday, both come on the heels of a scandal that left thousands of consumers vulnerable to identity theft.

Now, the company says it will no longer sell "sensitive" data, including Social Security and driver's license numbers, "except where there is a specific consumer-driven transaction or benefit, or where the products support federal, state or local government and criminal justice purposes," CEO Derek Smith said in a statement.

Guide to Scam Traps

Despite ChoicePoint's pledge to change its business practices, the company is already preparing for a tidal wave of potential legal activity because of the data scandal. The Federal Trade Commission, the U.S. Securities and Exchange Commission and a number of state attorneys general have already informed the company that they have launched investigations into various aspects of its operations. In a document filed with the SEC, ChoicePoint detailed claims brought by those officials and described new calls for the review of commercial data-handling procedures by "a number of congressional leaders."

According to the filing, the SEC is also conducting an "informal inquiry" into the possibility that Smith violated trading laws in some recent stock transactions. The company said the FTC is investigating its compliance with federal laws on consumer information security, specifically how ChoicePoint verified the credentials of the people allegedly responsible for the data theft.

Smith could not immediately be reached for comment.

Atlanta-based ChoicePoint provides consumer data services to insurance companies, other businesses and government agencies.

Last month, the company revealed that scam artists had gotten access to personal data on about 145,000 people, resulting in at least 750 cases of identity theft. The scandal has prompted calls for new legislation to protect consumers' privacy rights.

A separate lawsuit targeting ChoicePoint has been filed in Los Angeles Superior Court by a woman who has accused the company of fraud and negligence for its alleged inability to protect consumers' data.

Now the company says it is planning substantial changes to its business. It will sell personal information only if the data is needed for one of three general reasons: to support consumer-driven transactions necessary to maintain relationships such as those with insurers or employers, or to provide consumers access to their own data; to provide authentication or fraud-prevention tools to large, accredited corporate customers where consumers have existing relationships; or to assist federal, state and local government and criminal justice agencies.

ChoicePoint said it will continue to serve most of its customers. But the changes will affect the availability of its products in certain markets, particularly to small businesses.

In addition, the company said it will set up a credentialing, compliance and privacy office, which will report to the board of directors, to oversee improvements in customer credentialing and set up a faster incident-reporting process.

The changeover should be completed in the next 90 days, ChoicePoint said. The moves are expected to cost the company between $15 million and $20 million in sales during 2005 and to reduce earnings per share by 10 cents to 12 cents.

"These changes are a direct result of the recent fraud activity, our review over the past few weeks of our experience and products, and the response of consumers who have made it clear to us that they do not approve of sensitive personal data being used without a direct benefit to them," Smith said in the statement.

"We apologize again to those consumers that may be affected by the fraudulent activity. We remain committed to helping them take active steps to protect their personal data and to assisting law enforcement officials who are investigating the attacks on consumers' identities."

5 comments

Join the conversation!
Add your comment
Biggest bad guy puts on a white hat...
These measures are tough, rational, and serious, which is the opposite of how most companies of this type handle security breaches, so for now you have my respect. I don't accept the idea that there should be companies out there gathering and disseminating this kind of private information without permission of the subject, but these measures would seem to take Choicepoint out of that category and make its data available only for "opt-in" transactions. Don't forget, please, to hold "law enforcement" customers to the same scrutiny as your corporate customers. They will be more likely than other customers to misuse data or obtain it under false pretenses...
Posted by Razzl (1318 comments )
Reply Link Flag
ChoicePoint Had A Previous Security Breach
The Mercury News reported on Wednesday that ChoicePoint had a security breach back in 1992. They fell for a Nigerian scam. No, I am not making this up.

<a class="jive-link-external" href="http://www.siliconvalley.com/mld/siliconvalley/business/special_packages/security/11031011.htm" target="_newWindow">http://www.siliconvalley.com/mld/siliconvalley/business/special_packages/security/11031011.htm</a>
"Posted on Wed, Mar. 02, 2005
ChoicePoint had another ID theft case in 2002

ATLANTA (AP) - A newly revealed case shows that the vast commercial database of personal information at ChoicePoint Inc. was tapped by identity thieves in 2002 -- contradicting a statement by its CEO that a much more recent breach was the first of its kind.

A Nigerian-born brother and sister were charged in 2002 with a scam in which they posed as legitimate businesses to set up ChoicePoint accounts and gain access to its massive database. They then made 7,000 to 10,000 inquiries on names and Social Security numbers in the database and used some of those identities to commit at least $1 million worth of fraud, Assistant U.S. Attorney Mark Krause in Los Angeles said Wednesday."

Keith
www.techcando.com
Posted by Stating (869 comments )
Reply Link Flag
Derek Smith Should Be Fired
This Derek Smith is a real piece of work.

He was on a national news show (I think 60 Minutes) saying that his firm had a right to keep information on all Americans and that annonymity was not a right.

I guess he meant that his firm and others like it have a right to buy any information they can get their hands on, aggregate it into a database and sell it to anyone who has the money to pay for it.

He an his firm even offered to help set up a new commission and rules to govern private information. This reminds me of a criminal who "gets religion" just prior to being sentenced to jail. No thanks Mr Smith, we need rules to protect us from companies like yours.

He has also done a great job for his shareholders, who I am sure are happy with the recent drop in the stock price while Mr Smith has exercised his options at a profit.

Mr. Smith should be relieved from his position at ChoicePoint. He should be barred from this industry and if he is found guilty of wrong doings by the SEC he should be barred from running any public company.

I would not want to be in this guy's shoes. By the time the regulatory agencies, attorneys general and the plaintiffs lawyers get through with him, being an identity theft victim will look like a walk in the park.
Posted by (17 comments )
Reply Link Flag
Why do they sell info with SSN's
I don't understand why they were ever allowed to include your social security number in these reports. With Identity theft at such a large number (1/12), this should of been removed from the report. Also, who is going to hold them responsible for this?
Posted by ntulip (1 comment )
Reply Link Flag
i wish i had read your story on scams before i bought on line
thought i was buying lime wire pro well a mp3 down load co. was hiding behind lime wire logo so for 19.95 i got limewire basic witch is free and on top of it all they charged me twice. and b of a is no help
Posted by (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.