X

Clampdown looms as ChoicePoint reveals leaks

Lawmakers say they may clamp new rules on data brokers as ChoicePoint tells them it has had breaches that it did not make public.

Reuters
See full bio
2 min read
Seeking to combat rampant identity theft, U.S. lawmakers said on Thursday they may clamp new restrictions on companies that amass and sell Social Security numbers and other personal information.

Executives from ChoicePoint and rival LexisNexis told legislators that they had scaled back the sale of sensitive personal information following revelations in recent weeks that identity thieves gained access to more than 177,000 of the consumer profiles they sell.

But lawmakers said during the U.S. House of Representatives Energy and Commerce Committee hearing that data brokers should not be allowed to sell Social Security numbers without permission from the individuals involved.

"There's a very good chance we're going to put together a bill," said committee chairman Joe Barton, a Texas Republican.

"I've not heard anything that explains to me why we should allow that to go on," said Barton, who said he would probably carve out an exemption for police investigations.

Government-issued Social Security numbers are considered the key to identity theft scams because they are frequently used as unique identifiers by banks and other companies that handle sensitive information, such as medical records.

"This is an industry still in denial, that still doesn't recognize how highly Americans value their privacy, and hopes to ride out this scandal," said Massachusetts Democratic Rep. Ed Markey, who has already introduced such a bill.

Amassing records
ChoicePoint and other data brokers have operated largely free of restrictions as they amass driving records, fingerprints and other personal details into comprehensive profiles they sell to law enforcement agencies, landlords and businesses.

But regulation appears likely. Last month, ChoicePoint revealed it had inadvertently sold 145,000 profiles to identity thieves, and LexisNexis said criminals had gained access to 32,000 profiles at its Seisint subsidiary.

More painful revelations may be ahead.

At a separate hearing by the Senate Banking Committee, ChoicePoint vice president Don McGuffey said the company had "a handful" of breaches in the past that it has not made public. McGuffey said he did not know enough to elaborate.

The chairman of the Federal Trade Commission said last week that data brokers should be required to take reasonable precautions to protect consumer profiles, and tell consumers when security breaches place that data at risk.

Senators have suggested other approaches, from fining companies that don't protect consumer data to withholding government business from those that have poor security.

ChoicePoint and LexisNexis officials said they supported greater security requirements and a national disclosure law, as well as some restrictions that would limit the disclosure of Social Security numbers.

But they tried to convince the committee that they needed to use Social Security numbers to differentiate between people with the same name.

"We just need to make sure that we can maintain the uniqueness of these individuals," said ChoicePoint chief executive Derek Smith.

Story Copyright © 2005 Reuters Limited. All rights reserved.