Off the Kuff Rotating Header Image

Identity theft protection

The good news is that there’s momentum in Congress for federal legislation to protect consumers when their personal data is stolen from brokers like ChoicePoint. The bad news is that this new law may well be weaker than current state laws but would nonetheless supersede them.

Bills introduced in Congress after lapses at information broker ChoicePoint, LexisNexis and elsewhere would supersede the growing number of state laws, many of which impose stricter standards on data brokers, banks and credit reporting agencies. Rigorous disclosure requirements in California’s law — the first in the nation, in effect since 2003 — brought many of the breaches to light.

Texas is among the states that require companies whose data is compromised to notify in writing the individuals affected.

“Many states are starting to deal with the problem,” said Susanna Montezemolo, an analyst for the nonprofit Consumers Union. “A national solution is great if done the right way, but it could actually set us back.”

Several of the federal bills have provisions that consumer advocates like, but the drafts keep changing and probably will be combined in the spring, said Chris Hoofnagle, West Coast director of the nonprofit Electronic Privacy Information Center. Some of the bills would force disclosure of an information breach only when the company involved decided there was a “significant” risk of fraud — a loophole Consumers Union said would have stopped disclosure in many of the 2005 cases.

The American Bankers Association said a high threshold for notification was necessary because otherwise consumers would get so used to being warned that they wouldn’t take the notices seriously. Banks and information brokers also argue that without a uniform federal rule, most companies will end up complying with the toughest state law in order to have a uniform policy, in effect letting one state regulate national conduct.

Help me out here: If I own a safety deposit box, is my bank required to notify me in the event that it gets broken into or otherwise damaged (by, say, a flood)? If so, then I can’t think of any reason why a data broker should be allowed to avoid notification of customers in the event that they get hacked. If they whine about the expense, remind them that a few extra ounces of prevention might be a good investment.

I really have no sympathy for the data brokers. I never chose to entrust the likes of ChoicePoint (who even heard of them before the stories about their stolen data started breaking?) with my information. It shouldn’t be up to their discretion to tell me when that trust has been violated.

Related Posts:

  • No Related Posts


  1. Congress says:

    The good news is that there’s momentum in Congress for federal legislation to protect consumers when their personal data is stolen from brokers like ChoicePoint. The bad news is that this new law may well be weaker than current state laws but would nonetheless supersede them.

    But of course! We wouldn’t want any effective laws getting between our campaign contributors and their profits, now, would we? Better to pass toothless legislation now, so we can lie to our constituents that we’ve “solved” the problem, when in fact we’ve made it worse!

  2. Mathwiz says:

    … the likes of ChoicePoint (who even heard of them before the stories about their stolen data started breaking?) ….

    Those of us who followed The Stealing Of The Presidency 2000 did! ChoicePoint was the company Katherine Harris hired to produce the infamous “felon purge” lists which disenfranchised thousands of non-felonious – but likely Democratic – Florida voters.

  3. Prove Our Democracy with Paper Ballots says:

    Just decided to Google a bit…The following and more is why Charles and everyone should be very concerned with politically acting ChoicePoint and the Bush’s having all your information…scary!

    …As was the case with Lexis Nexis and journalists. Is this Identity Theft Intimidation? Is this why the press is so bullied? This may be a form of blackmail…yes…no?


    Firm in Florida election fiasco earns millions from files on foreigners

    Oliver Burkeman in Washington and Jo Tuckman in Mexico City
    Monday May 5, 2003

    The Guardian

    A data-gathering company that was embroiled in the Florida 2000 election fiasco is being paid millions of dollars by the Bush administration to collect detailed personal information on the populations of foreign countries, enraging several governments who say the records may have been illegally obtained.

    US government purchasing documents show that the company, ChoicePoint, received at least $11m (£6.86m) from the department of justice last year to supply data – mainly on Latin Americans – that included names and addresses, occupations, dates of birth, passport numbers and “physical description”. Even tax records and blood groups are reportedly included.

    Nicaraguan police have raided two offices suspected of providing the information. The revelations threaten to shatter public trust in electoral institutions, especially in Mexico, where the government has begun an investigation.




    Major Security Breach in 2004

    ChoicePoint announced in February 2005 that the personal information of at least 145,000 Americans from all 50 states has been breached….

    Congressional hearings on the breach have revealed that ChoicePoint disclosed in recent SEC filings that it was only looking for victims from the data leak incident whose information had been stolen after July 1, 2003, the effective date of a California law requiring that victims of personal information breaches be notified. Members of Congress rebuked the company for selling such information and have proposed federal privacy reforms.

    …According to the Associated Press, ChoicePoint suffered a previous similar, less publicized, ID theft in 2002.

    Florida Voter File Contract

    In 1998, the state of Florida signed a 4 million USD contract with Database Technologies (DBT Online), which later merged into ChoicePoint, for the purposes of providing a central voter file listing those barred from voting….

    ChoicePoint has been criticized, by many critics of the 2000 election, for having a bias in favor of the Republican Party, for knowingly using inaccurate data, and for racial discrimination….

    Journalist Greg Palast has argued that the firm cooperated with Florida Governor Jeb Bush, Florida Secretary of State Katherine Harris, and Florida Elections Unit Chief Clay Roberts, in a conspiracy of voter fraud, involving the central voter file, during the US Presidential Election of 2000. The allegations charge that 57,700 people (15% of the list), primarily Democrats of African-American and Hispanic descent, were incorrectly listed as felons and thus barred from voting. Palast estimates that 80% of these people would have voted, and that 90% of those who would have voted, would have voted for Al Gore. The official (and disputed) margin of victory, in the election, was 537 votes.

    …ChoicePoint Vice President Martin Fagan has admitted that at least 8,000 names were incorrectly listed in this fashion when the company passed on a list given by the state of Texas, these 8,000 names were removed prior to the election. Fagan has described the error as a “minor glitch”. ChoicePoint, as a matter of policy, does not verify the accuracy of its data and argues that it is the user’s responsibility to verify accuracy.


    From CenterPoint to MATRIX

    From: / News / Outfront

    Mining the Matrix

    A computer program has marked thousands of citizens as potential terrorists.

    Jim DeFede
    September/October 2004 Issue

    … Hank Asher’s brainchild has blossomed into the MATRIX—the Multistate Anti-Terrorism Information Exchange, a network of state databases subsidized by the Department of Homeland Security and the Justice Department. While Seisint provides its databases, technology, and facilities for the project, the Florida Department of Law Enforcement and a nonprofit research institute in Florida manage the day-to-day operations. Law enforcement agencies in four other states—Connecticut, Michigan, Ohio, and Pennsylvania—are enrolled in the project, which allows them to conduct searches for criminal investigations in return for putting their own databases into MATRIX. Although a number of states have withdrawn from the program, citing administrative costs, Florida governor Jeb Bush, a strong backer of MATRIX, is working to recruit more.

    …For civil libertarians, the MATRIX conjures up memories of another data-mining project—Admiral John Poindexter’s Total Information Awareness program, which the Senate, out of civil liberties concerns, nixed in January 2003 before it launched. MATRIX, however, has escaped congressional scrutiny since it is considered a state program.

    …Steinhardt (Barry Steinhardt, director of the ACLU’s Technology and Liberty Project) notes that federal officials are administering this program through the states, letting the MATRIX avoid scrutiny. “There is no question they have hidden this from Congress,” he says.

    But Asher is unlikely to be involved in such a decision. In July, Seisint was sold to Reed Elsevier, the Anglo-Dutch information and publishing company that owns LexisNexis. He had already resigned from Seisint’s board of directors, as federal officials last year became aware of his smuggling planeloads of cocaine into the United States in the early 1980s. (He was never charged with a crime and became an informant against other drug traffickers.)

  4. Prove Our Democracy with Paper Ballots says:

    Oops! From ChoicePoint (Not CenterPoint) to MATRIX