There was a very interesting read in ConsumerAffairs today, "ChoicePoint Gets a Makeover."
The story reinforces once again the need to have a good security program in place with good controls and a well-communicated, comprehensive information security awareness and training program. If the controls and awareness had been in place, would this fraud have occurred? We’ll never know for sure, but the chances of this incident occurring would have been much smaller…knowledge and controls could have blocked the criminals from instigating their fraud.
However, lack of controls and awareness aside, the gargantuan amount of personal information ChoicePoint controls is very scary…especially considering how the use of it to make decisions impacts virtually everyone in the U.S. and a significant number of others outside the States.
It would have been good to have gotten some statistics about ChoicePoint in this story…how many people’s records do they have in their systems? In how many places are these records located? How do they successfully and completely change errors within the records? What specific types of information do they have? I have a feeling the answer to that would be a very, very long and disconcerting list. With how many other organizations do they share their data? Do they send information corrections to all these other organizations when they correct their own errors? I could go on…but you get the picture….
Some information about ChoicePoint from their site:
- They have around 5,500 employees in 60 locations (Is all our personal data also as scattered? Are any of these locations outside the U.S.? Within any outsourced entities?)
- Their 2005 Annual Report is interesting (A lot of spin….A LOT.) A few excerpts:
  - "For the first time ever, revenues exceeded one billion dollars, at $1.06 billion, a 15 percent increase over 2004."
  - "Last year, we helped more than 100 million Americans obtain fairly-priced home and auto insurance."
    So they have information on at least 100 million Americans then?
  - "As of December 31, 2005, the Company recorded a charge of $8.0 million for the FTC settlement that represents the $10.0 million civil penalty, the $5.0 million fund of consumer redress initiatives, a $4.0 million charge for additional obligations under the order offset by $11.0 million anticipated recovery of these fees from the Company’s insurance carrier."
Interesting…so of the $19 million penalty, ChoicePoint only had $8 million come out of their pockets…the other $11 million was covered by their insurance provider…gee, wonder if that is something that will impact their insurance score and bump up their premium…speaking of which…
This story caught my eye for another reason: I’ve been interested in the impact and type of insurance scores ChoicePoint generates and how they impact consumers’ costs for insurance. To see a list of all the variables that go into creating your insurance score, see ChoicePoint’s ChoiceTrust site. There are 156 different types of situations/events listed that can impact your insurance costs…making them go higher…and some of them will be surprising to a large segment of the population.
It’s truly amazing the power and impact these huge data brokers have, ChoicePoint in particular, and the huge amount of personal information…some of it inaccurate but propagated…about literally hundreds of millions of people.