ChoicePoint's error sparks talk of ID theft law
The company reportedly has data on virtually every adult in the U.S.
IDG News Service - The revelation last week that data collector ChoicePoint Inc. has mistakenly given private information on up to 145,000 U.S. residents to identity thieves has led to renewed calls in Washington for a national data privacy law.
On Feb. 16, Alpharetta, Ga.-based ChoicePoint reached agreement with 19 state attorneys general to tell the 145,000 potential victims that ID thieves may have gained access to personal information such as Social Security numbers and credit reports. Potential victims live in all 50 U.S. states, the District of Columbia, Puerto Rico, Guam and the U.S. Virgin Islands.
The ChoicePoint problem points to the need for a national privacy law, said representatives of the Electronic Privacy Information Center (EPIC) and the Center for Democracy and Technology (CDT), which are privacy advocacy groups. For most U.S. companies, the only regulation that calls for notification of victims of ID theft is a California law that requires companies doing business in the state to notify customers if their personal information has been accessed by an unauthorized person. That law went into effect in July 2003.
"There certainly is agreement that we need better notification, exactly because of cases like this," said Ari Schwartz, associate director at the CDT. "We're seeing [data companies] selling it to a lot of different people."
ChoicePoint has access to about 19 billion public records, and the company reportedly has information on virtually every adult living in the U.S.
In addition to calls for legislation from privacy advocates, Sen. Dianne Feinstein (D-Calif.) has called for congressional hearings on a piece of privacy legislation she introduced this year. Feinstein's Notification of Risk to Personal Data Act, introduced Jan. 24, would require businesses and government agencies to notify a likely victim when there is a "reasonable basis to conclude" that a criminal has obtained unencrypted personal data.
Feinstein's bill lacks co-sponsors, and a similar bill went nowhere in Congress in 2004. Asked about the bill's chances in 2005, a Feinstein spokesman said the ChoicePoint problems have shown the need for legislation.
"Moving any bill is always a difficult prospect, but now more people are coming to an understanding of the issue of identity theft," the spokesman said.
In a statement, Feinstein called for the Senate Judiciary Committee to hold hearings on her bill as soon as possible. "I strongly believe individuals have a right to be notified when their most sensitive information is compromised -- because it is truly their information," she said in the statement. "And they have the right to decide what actions they want to take once a breach has been
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts