[ news_security_news ]
ChoicePoint Chokes Up $15 Million On Privacy Violations
John Stith
Staff Writer
2006-01-27
 Insider Reports RSS Feed
Atlanta-based ChoicePoint agreed to settle up with the Federal Trade Commission (FTC) for lean $15 million on charges of violating consumer protection laws. The charges said ChoicePoint allowed criminals access to lots of personal financial information on upwards of 163,000 people.
There were actually two lawsuits involved and the fines represent the largest civil settlement in FTC history. $10 million will be paid in penalties and $5 million will to help repay consumers for their losses.
The other part of the settlement requires ChoicePoint to implement new security procedures that will help ensure consumer reports only go to legitimate businesses for lawful purposes.
"The message to ChoicePoint and others should be clear: Consumers' private data must be protected from thieves," said Deborah Platt Majoras, Chairman of the FTC. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America."
The FTC alleges that ChoicePoint did not have reasonable procedures to screen prospective subscribers, and turned over consumers' sensitive personal information to subscribers whose applications raised obvious "red flags." Indeed, the FTC alleges that ChoicePoint approved as customers individuals who lied about their credentials and used commercial mail drops as business addresses. In addition, ChoicePoint applicants reportedly used fax machines at public commercial locations to send multiple applications for purportedly separate companies.
The report said:
According to the FTC, ChoicePoint failed to tighten its application approval procedures or monitor subscribers even after receiving subpoenas from law enforcement authorities alerting it to fraudulent activity going back to 2001.
The FTC charged that ChoicePoint violated the Fair Credit Reporting Act (FCRA) by furnishing consumer reports - credit histories - to subscribers who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to verify both their identities and how they intended to use the information.
The agency also charged that ChoicePoint violated the FTC Act by making false and misleading statements about its privacy policies. Choicepoint had publicized privacy principles that address the confidentiality and security of personal information it collects and maintains with statements such as, "ChoicePoint allows access to your consumer reports only by those authorized under the FCRA . . . " and "Every ChoicePoint customer must successfully complete a rigorous credentialing process. ChoicePoint does not distribute information to the general public and monitors the use of its public record information to ensure appropriate use."
Perhaps this will be a wakeup call to other companies who remain careless in their care of the privacy of those they are doing business with. There are many methods of checking out legitimacy of businesses and ChoicePoint obviously didn't take care to do that. Privacy is tough enough to guard without companies just giving it away.
Add to | DiggThis| Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
