ChoicePoint Promises To Write 'Personal Information Should Be Protected' 500,000 Times, Promises Not To Do It Again
from the pointless dept
ChoicePoint had already been hit with $15 million in fines and damages for, what was at the time, the largest credit-card data leak ever (though it lost that title to TJX earlier this year). But 44 states have gotten in on the action, hitting the company with a staggering $500,000 more and an agreement that it will put better security in place. ChoicePoint says it has reformed its ways and is working to solve its problems, but forgive us for being skeptical -- particularly when the company seems to have another big problem, in the form of incorrect data. The new deal with the states says that ChoicePoint will extend the same, supposedly better level of protection to all its consumer records, instead of just those covered by the Fair Credit Reporting Act, as required by the FTC settlement, and ChoicePoint says it will more stringently check out new customers for its data. A ChoicePoint exec brags that the company "has become a model of privacy protection" since the breach -- but if it's so concerned about consumer privacy, why did it take these further steps only as part of a settlement with the attorney generals, and not on its own? Never mind the fact that it apparently only decided security was important after a massive breach. It's really hard to believe that ChoicePoint, or indeed any other company in a similar situation, has any interest in proactively improving its security, since there's little financial incentive for them to do so. Instead, they can just leak data, pay the miniscule fines, make some changes, issue a press release, and move on.