Data broker ChoicePoint Inc.'s recent high-profile security breach, which allowed crooks to gain access to personal information on more than 145,000 consumers, could lead to federal regulations aimed at holding consumer data-gathering firms accountable for inadequate data protection and inappropriate distribution of consumer information.
A bipartisan group of politicians castigated the consumer information industry at March hearings held by the U.S. Senate and the House of Representatives.
At the Senate Banking, Housing and Urban Affairs Committee, Democrats Sen. Bill Nelson from Florida and Sen. Jon Corzine from New Jersey announced they would introduce legislation regulating the industry. And Alabama Republican Sen. Richard Shelby, chairman of the powerful committee, noted there is no single federal agency that oversees the safety and security of consumer data.
That job may fall to the Federal Trade Commission as it is already responsible for maintaining the accuracy and efficiency of the credit reporting system through the Fair Credit Reporting Act. The FTC also administers the Fair and Accurate Credit Transaction Act of 2003. The FACT Act gives consumers some control over who can view data that credit agencies collect about them while allowing them to examine the data to dispute or correct false information. The agency also has some authority over the handling of consumer data by financial institutions through the Gramm-Leach-Bliley Act.
The FTC has been monitoring the rise of identity theft and received widespread coverage for its 2004 study that found that 9 million consumers were victimized by the crime.
Legislation in the House is being sponsored by Rep. Ed Markey (D-Mass.) while Rep. Clay Shaw, a Florida Republican, has introduced a bill that would ban the sale of Social Security numbers.
Data brokers do not need permission from the public to collect and sell their personal information, but the kind of breach ChoicePoint experienced-criminals essentially walking in through the front door-is more serious than if the company's computers had been attacked by individuals looking to steal information, says Marc Rotenberg, executive director of the Electronic Privacy Information Center.
Alpharetta, Ga.-based ChoicePoint collects financial, medical, and other personal information on billions of people and sells it to marketers and government agencies, among others.
ChoicePoint competitors include Acxiom Corp., LexisNexis/Seisent, and the Westlaw division of Thomson Corp.
After the data debacle broke, ChoicePoint announced it would stop selling information products that contain sensitive consumer data, including Social Security numbers, to small business customers-except in limited cases where the products support federal, state or local government purposes.
String of Problems
The ire of Congress was raised by a string of data security problems. LexisNexis, a division of Reed Elsevier PLC, reported in March that personal information on 32,000 U.S. residents had been stolen from its database.
Bank of America Corp. reported it lost tapes with personal data on 1.2 million federal employees that participate in the SmartPay charge card program overseen by the General Services Administration.
Merchants DSW Shoes Warehouse and BJ's Wholesale Club also reported that credit card data had been either lost or stolen from their databases.
ChoicePoint and LexisNexis executives told Congress that federal oversight of the industry would be more workable than a patchwork of state laws.
Authoritative analysis and perspective for every segment of the payments industry
Authoritative analysis and perspective for every segment of the industry
Have an account? Sign In