44 State AGs Settle with ChoicePoint Over Information Privacy Breach

June 1, 2007

Attorneys general from 44 states have signed an agreement with a Georgia-based company that distributes consumers’ personal information to settle allegations that the company failed to adequately maintain the privacy of that information.

The company, ChoicePoint, provides personal identification information and credential verification services to insurers and other businesses, government and non-profit organizations.

In February 2005, ChoicePoint announced that criminals, posing as legitimate businesses, gained access to consumers’ personally identifiable information. Following that breach, the company used the California breach notification law as a guide and mailed more than 145,000 notices to consumers across the country whose information may have been viewed or acquired by the criminals.

As part of the agreement, ChoicePoint will make changes in the way it grants credentials to new customers who have access to personally identifiable information. Certain sensitive information available to the public, including Social Security numbers, will now receive greater protection.

Nationally, about 750 people were victimized by identity theft related to the breach, according to the attorneys general.

ChoicePoint will also pay $500,000 to the states under the settlement.

According to officials, the agreement marks the first time a data broker has agreed to safeguard publicly available information using the same credentialing methods that it uses to safeguard financial information protected by law.

“This agreement is a landmark achievement in the fight to protect an individual’s personal information,” said Florida Attorney General Bill McCollum. “Identity theft is the crime that often never stops victimizing its target, stealing not only their money but also their good name.”

Consumers who suffered expenses relating to identity theft that resulted from the ChoicePoint breach may obtain redress under a 2006 Federal Trade Commission Order that required the company to pay $5 million into a fund for consumer reimbursement. The deadline to submit a redress claim form to the FTC is June 22, 2007. If consumers meet the eligibility requirements for redress, they can complete the redress form and submit that for consideration. More information is available at: http://www.ftc.gov/bcp/conline/cases/choicepoint/index.shtm.

The states signing the settlement are: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, West Virginia, Wisconsin and the District of Columbia.

Was this article valuable?

Here are more articles you may enjoy.