X

ChoicePoint overhaul completed, company says

Data broker says it has made changes to prevent private information from falling into the wrong hands.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
See full bio
Joris Evers
2 min read
ChoicePoint, the data broker that leaked information on about 145,000 Americans, says it has completed changes to its business to prevent such a breach from happening again.

"In fact, we've gone beyond our announced commitments to make substantial changes in the past 90 days," ChoicePoint spokesman Dan McGinn said in an e-mail late Tuesday.

The Alpharetta, Ga.-based data broker is clarifying its position after a spokeswoman told News.com on Friday that the transition process was ongoing and that it would be some time before the company could announce its completion.

ChoicePoint revealed in February that scam artists had gotten access to personal data on tens of thousands of Americans, resulting in at least 750 cases of identity theft. The scandal has prompted calls for new legislation to protect consumers' privacy rights.

About a month later, ChoicePoint said its earlier estimate that 145,000 people were affected by the leak may have been low. The company also announced it would exit some parts of the personal data business and that it would sell information only in situations where specific criteria are met. ChoicePoint said at the time that the transition would be "substantially completed" within 90 days, suggesting the effort would be done in early June.

As part of the changes, ChoicePoint said it would no longer sell data to private investigators, debt collectors, or businesses such as check-cashing outfits, unless they are associated with an accredited bank. Additionally, ChoicePoint said it planned to mask sensitive information such as Social Security numbers in its reports.

ChoicePoint also said in March that it would only provide data in three general situations: to support consumer-driven transactions such as those with insurers or employers, or to provide consumers access to their own data; to provide authentication or fraud-prevention tools; and to assist justice agencies.

"ChoicePoint has absolutely fulfilled its obligation to do what it said it would do in the 90-day period," McGinn said, noting that the company has actually gone beyond the goals it initially set for itself.

The company, for example, has created an Office of Privacy, Credentialing and Compliance, which oversees policies regarding the company's compliance with local, state and federal privacy laws, regulations and company policies, as well as the credentialing of customers.