X

ChoicePoint: We're sorry for data leak

The data broker apologizes for exposing 145,000 Americans to ID fraud at a congressional hearing into the need for new data-protection laws.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
See full bio
Declan McCullagh
2 min read
The chairman of ChoicePoint, which disclosed the personal information of 145,000 Americans to identity thieves, publicly apologized on Tuesday for the data mishap.

ChoicePoint's Derek Smith, also the chief executive, told a congressional committee he wanted to offer an "apology on behalf of our company," which he said would help anyone who suffered identity fraud as a result. The data disclosure has led to 750 known cases of identity fraud so far.

The incident "has caused us to undergo some serious soul-searching," Smith said. ChoicePoint is a data warehouse that compiles electronic dossiers on Americans and sells them to insurance companies, other businesses and police agencies.

Smith's apology comes as Congress considers new laws in response to a series of security snafus involving not just ChoicePoint but also Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. A U.S. Senate committee held a hearing on the security of sensitive consumer information last week.

During Tuesday's hearing, two legislative approaches seemed to be the most popular: restricting the sale of Social Security numbers, and requiring companies to disclose to people when a serious security breach of their information takes place. Some states already are considering such security breach requirements, and California has enacted such a law.

Rep. Joe Barton, a Texas Republican who chairs the Energy and Commerce Committee, asked whether there was "any reason why we should not make it illegal to trade a person's Social Security number, and the data that goes with it, without their permission?"

Deborah Platt Majoras, who chairs the Federal Trade Commission, said she generally agreed with such a rule. The only exception, Majoras said, was perhaps when police or private investigators are "tracking down criminals."

But ChoicePoint's Smith said that he wasn't willing to agree that such a law would be wise.

"I'd have to better understand the definition of 'sale' and how it's done," Smith said in response to a question from Rep. Edward Markey, a Massachusetts Democrat. "There are certain circumstances where the sale of those numbers are in the consumer's best interests."

Kurt Sanford, CEO of LexisNexis, agreed: "I would not support a blanket ban on the sale of Social Security numbers."