RSS
ChoicePoint To Pay Up For Data Leaks And Keep On Going
from the who-does-this-help dept
ChoicePoint, the company that leaked the personal info of a huge number of people to identity thieves last year, will pay a $10 million fine to the FTC and put another $5 million in a fund to help victims of its security breach. The company, of course, has admitted no wrongdoing, but says it's changed it policies in light of the leak. But given how the number of people the company said were affected kept growing and growing -- even months later -- and the fact that they'd sold information to scammers before, can they really be trusted? The government thinks so, apparently, having given ChoicePoint a huge IRS contract just a few months after the leak. So the company can just move right along, while victims could feel the effects for years to come, particularly since they have little recourse. Of course, fines like this one don't really seem to be doing much, anyway -- just yesterday a financial-planning firm said an employee's laptop that was stolen contained personal information on 226,000 customers and financial advisers. Like ChoicePoint, it will probably just chalk up any fine as a cost of doing business.
I have an idea...
75 Questions To Help You Write An RFP For Website Design
App Developer Conversations: Successful Fundraising Techniques
I’m looking for policy...
Policy Resources: Data Privacy & Security
Policy Resources: Software Patents
I have a business...
To Understand The Data Move It Closer
How To Successfully Get Your App Into China
Reader Comments (rss)
(Flattened / Threaded)
FTC Wins!
[ reply to this | link to this | view in chronology ]
Hate me if you want...
The thing that gets me is that people keep coming back and bashing ChoicePoint, but don't seem to have the same venom for the dozens of other companies and institutions that have reported leaks. Take, for instance, the University of Colorado. They have had three leaks in 2005 as well. How about LexisNexus - about 318,000 (more than ChoicePoint) potential victims. State of Georgia DMV, 465,000 potential victims. Wachovia, Bank of America, PNC Financial Services Group and Commerce Bancorp: 676,000 potential victims.
These numbers are from the Privacy Rights Clearinghouse page here (privacyrights.org) and I only picked a couple big ones that were related to people actively seeking the data (dishonest insiders, hacking, etc). You could just as easily point out Bank of America's lost backup tape with 1.2 MILLION records on it, but that tape could justifiably be lost and not in the hands of a criminal.
Yes, CP did a bad thing. Yes, they will pay. Yes, their company name will be associated with data INsecurity for a long time to come. But just because they were the first big one, doesn't mean they were the worst - just the one that was looked at the most.
[ reply to this | link to this | view in chronology ]
Re: Hate me if you want...
CP's whole business is giving out data, and in this case, they were HANDING OUT the data to a group of crooks. That's a lot worse than simply losing a backup tape or having an employee swipe some data. Your whole business is supposed to be with that data, and you'd think that you would take a lot more care of it.
That's why people focus on CP.
[ reply to this | link to this | view in chronology ]
ChoicePoint
[ reply to this | link to this | view in chronology ]
CP & business costs
How does ChoicePoint's $15m in punitive expenses balance against
the revenue CP got from illegally selling their victim's personal data?
Those of us who are not CEOs, corporate bean counters, or identity thieves wonder.
Carlo's '...cost of doing business' closing remark hit the nail on the head.
Signs of the times: Enron, ChoicePoint, & the Whitehouse.
[ reply to this | link to this | view in chronology ]
Add Your Comment