FTC Slaps ChoicePoint's Wrist (Again)

By Andrew Noyes

October 20, 2009

Information broker ChoicePoint will pay a $275,000 fine and has agreed to strengthened data security requirements as part of an FTC settlement announced Monday. The agency charged that the company failed to implement a comprehensive information security program to protect consumers' sensitive information, as required by a previous court order. The failure left the door open to a 2008 data breach that compromised the personal information of 13,750 people and put them at risk of ID theft, the Commission said.

ChoicePoint, now a subsidiary of Reed Elsevier, switched off a key electronic security tool used to monitor access to one of its databases in April 2008, and for four months failed to detect that the security tool was off, the FTC said. During that time, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. After discovering the breach, the firm brought the matter to the FTC's attention.

The FTC's prior action against ChoicePoint involved a data breach in 2005, which compromised information of more than 163,000 consumers and resulted in at least 800 cases of ID theft. The settlement and resulting 2006 court order required the company to pay $10 million in penalties and $5 million in consumer redress. ChoicePoint also agreed to beef up its security operations and obtain independent assessments every other year until 2026. The new court order extends those record-keeping and monitoring requirements.

Update [5:22 p.m.]: ChoicePoint argued in an e-mail that the FTC incorrectly characterized the monetary payment as a penalty and has since revised its press release. ChoicePoint also said the switching off of a monitoring tool was the result of a human error. The company went on to say that the unauthorized access occurred for a one-month period.

Juliana Gruenwald

Tech Writer

E-Mail: jgruenwald@nationaljournal.com.

Juliana Gruenwald has been covering tech and telecom issues for more than a decade for National Journal, Interactive Week, BNA and Congressional Quarterly. This is her second stint with National Journal. She was recruited by NJ in 1998 to help launch its first tech policy publication, Technology Daily. She left in 2000 to cover international tech and telecom issues for Ziff Davis Media's Interactive Week magazine. She started her career at United Press International as the wire service's first Helen Thomas Intern. She has a Bachelor of Arts degree from the University of Minnesota. A Minneapolis native, she misses the lakes but not the cold.

Josh Smith

Tech Reporter

E-Mail: joshsmith@nationaljournal.com.

Josh Smith covers technology policy as a staff reporter for National Journal. He previously interned at National Journal Daily, a Senate press office, and the Deseret News in Salt Lake City where he covered the state legislature, courts, and crime. In 2009 he graduated with honors from Southern Utah University after managing an award-winning student newspaper as editor-in-chief. Josh has received state, regional and national awards for his political and policy reporting, including first place in CapitolBeat’s 2009 Best of Statehouse Reporting college competition. A native of drop-dead-gorgeous Utah, Josh lives in Virginia with his wife, Amber.

HOME

WHITE HOUSE

POLITICS

CONGRESS

DOMESTIC POLICY

NATIONAL SECURITY

TECH

COLUMNS

BLOGS

POLLS

EVENTS