- The Washington Times - Tuesday, March 15, 2005

ChoicePoint’s chief executive officer told Congress yesterday the company would be more restrictive in selling consumer information after a security breach that exposed 145,000 consumers to identity theft.

Members of a House Energy and Commerce Committee questioned ChoicePoint CEO Derek Smith about whether the government should intervene to protect personal information.

They suggested new laws to prohibit companies from selling Social Security numbers and require them to notify consumers immediately after security breaches. And lawmakers asked whether there should be new government standards for the credentials given to employees with access to consumer data.

Mr. Smith apologized to Congress and said the security breach last fall in California prompted “serious soul-searching” for the Alpharetta, Ga., company.

Identity thieves presented ChoicePoint with fraudulent business licenses to gain access to consumer names, addresses, Social Security numbers, driver’s license numbers and financial histories.

ChoicePoint announced the security breach on Feb. 15.

“In retrospect, the company should have acted more quickly,” Mr. Smith said.

As a result of the scandal, “ChoicePoint will no longer sell information products containing sensitive consumer data,” except to government agencies and select businesses for a “specific consumer-driven transaction or benefit,” Mr. Smith said.

Several members of Congress were reluctant to believe industry executives would do enough to protect personal consumer data without standards enforced by the government.

“What we’re hearing today is an industry still in denial, still doesn’t recognize how many Americans value their privacy and are hoping to ride out this standard without having Congress make the changes necessary,” said Rep. Edward J. Markey, Massachusetts Democrat.

Rep. Joe L. Barton, Texas Republican, said current laws should be changed so companies could sell Social Security numbers only if they have permission from consumers.

“I’ve not heard anything that would explain why we should allow that to go on,” he said.

Rep. Cliff Stearns, Florida Republican and subcommittee chairman, estimated losses from identity theft at “almost $50 billion for businesses and $5 billion for consumers.”

Mr. Smith and Kurt P. Sanford, chief executive officer of Dayton, Ohio-based LexisNexis, a legal publisher that had a recent security breach involving 32,000 customers, agreed criminal penalties for identity theft should be made tougher.

However, they resisted suggestions to ban all sales of Social Security numbers. The sales could be important for law enforcement and debt collection, they said.

ChoicePoint has offered customers victimized by its security breach a free credit monitoring service for one year, a toll-free customer service telephone number and Web site for inquiries and free credit reports.

Mr. Markey said it was “absolutely preposterous” to believe the one-year credit monitoring service was long enough to deter identity thieves.

Deborah Platt Majoras, Federal Trade Commission chairman, said Congress should broaden the enforcement of current laws, such as the Fair Credit Reporting Act, to protect consumer information. The act prohibits distribution of credit information by consumer reporting agencies except for “permissible purposes.”

She also said consumers should be given an “opt-in, opt-out” choice on whether companies can share their information with other institutions.

However, she warned against government restrictions that are too far-reaching.

“The key is not to squelch use of Social Security numbers,” she said.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide