Saturday, February 26, 2005

Afraid of commitment

When last we saw the Atlanta-based data broker ChoicePoint, it had sent letters to 35,000 Californians alerting them that personal information had been inadvertently given to criminals bent on committing identity theft (some previous ChoicePoint posts here and here). But the problem was not limited to Californians. It was just that only California required notification. Now the company admits that the number of compromised individuals may be as high as 150,000 and that the leak occurred over a year's time. ChoicePoint knew of the problem in October but notified no one until January.

An excellent article by David Lazarus contains more gory details:
As many as a dozen accomplices -- still at large -- are suspected to have been part of the scam. Among the information they obtained were people's credit reports, driver's license numbers, bankruptcy files and property records.

Investigators believe the perpetrators were in the process of changing the mailing addresses of at least 750 consumers -- a common first step before running up bills with fraudulently obtained credit cards.

[ . . . ]

ChoicePoint, based outside Atlanta, was created in 1997 as a spin-off from Equifax, one of the leading credit-reporting agencies. Its original purpose was to analyze claims on behalf of the insurance industry.

That mission evolved and expanded as ChoicePoint went on a buying spree, acquiring about 60 other firms with businesses ranging from data collection and background checks to DNA analysis and direct marketing.

ChoicePoint is now one of the leading data brokers in the country, acting as a sort of private intelligence service for both corporate and government clients (including the FBI).

The company had about $900 million in sales last year and is believed to have more government clients than its two main rivals, LexisNexis and Acxiom.

"Any interaction where you give up personal information can create an opportunity for them to obtain it and put it in their database," said Chris Hoofnagle, who heads the San Francisco office of the Electronic Privacy Information Center.

"You get arrested, you get married, you have a child -- ChoicePoint can get copies of the records and sell it," he said. "If you've ever had dealings with the government, they have information about you."
Bad news. So now there are calls for some federal oversight of what is essentially an unregulated business activity.
"ChoicePoint is not averse to regulation," Jones said. "ChoicePoint is in favor of a broad-ranging national discussion on this to make clear the parameters of the privacy-versus-security issue."

But he disputed charges that his company casts an unacceptably long shadow over the lives of virtually all Americans.

"That's one perception," Jones said. "But individuals who hold that perception are not cognizant of ChoicePoint's sincere commitment to a more secure society through responsible use of information."
OK. Now I'm "cognizant" of it. What about all the people they sold my personal information to? Do they share ChoicePoint's commitment? Like the thieves ChoicePoint gladly gave it to and now are upset because they won't get paid?

Maybe I'm just afraid of commitment. Read Lazarus's whole article. (hat tip: Dan Gillmor's blog)