ChoicePoint: We're sorry for data leak
The data broker apologizes for exposing 145,000 Americans to ID fraud at a congressional hearing into the need for new data-protection laws.
ChoicePoint's Derek Smith, also the chief executive, told a congressional committee he wanted to offer an "apology on behalf of our company," which he said would help anyone who suffered identity fraud as a result. The data disclosure has led to 750 known cases of identity fraud so far.
The incident "has caused us to undergo some serious soul-searching," Smith said. ChoicePoint is a data warehouse that compiles electronic dossiers on Americans and sells them to insurance companies, other businesses and police agencies.
Smith's apology comes as Congress considers new laws in response to a series of security snafus involving not just ChoicePoint but also Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. A U.S. Senate committee held a hearing on the security of sensitive consumer information last week.
During Tuesday's hearing, two legislative approaches seemed to be the most popular: restricting the sale of Social Security numbers, and requiring companies to disclose to people when a serious security breach of their information takes place. Some states already are considering such security breach requirements, and California has enacted such a law.
Rep. Joe Barton, a Texas Republican who chairs the Energy and Commerce Committee, asked whether there was "any reason why we should not make it illegal to trade a person's Social Security number, and the data that goes with it, without their permission?"
Deborah Platt Majoras, who chairs the Federal Trade Commission, said she generally agreed with such a rule. The only exception, Majoras said, was perhaps when police or private investigators are "tracking down criminals."
But ChoicePoint's Smith said that he wasn't willing to agree that such a law would be wise.
"I'd have to better understand the definition of 'sale' and how it's done," Smith said in response to a question from Rep. Edward Markey, a Massachusetts Democrat. "There are certain circumstances where the sale of those numbers are in the consumer's best interests."
Kurt Sanford, CEO of LexisNexis, agreed: "I would not support a blanket ban on the sale of Social Security numbers."