
Despite Choicepoint Spin There Are Still Many Information Security and Privacy Concerns

There was a very interesting read in ConsumerAffairs today, "ChoicePoint Gets a Makeover."

The story reinforces once again the need to have a good security program in place with good controls and a well-communicated, comprehensive information security awareness and training program. If the controls and awareness had been in place, would this fraud have occurred? We'll never know for sure, but the chances would have been much smaller that this incident would have occurred...knowledge and controls could have blocked the criminals from instigating their fraud.

However, lack of controls and awareness aside, the gargantuan amount of personal information Choicepoint controls is very scary...especially considering how the use of it to make decisions impacts virtually everyone in the U.S. and significant others outside the states.

It would have been good to have gotten some statistics about ChoicePoint in this story...how many people's records do they have in their systems?  In how many places are these records located?  How do they successfully and completely change errors within the records?  What specific types of information do they have?  I have a feeling the answer to that would be a very, very long and disconcerting list.  With how many other organizations do they share their data?  Do they send information corrections to all these other organizations when they correct their own errors?  I could go on...but you get the picture....

Some information about Choicepoint from their site:

  • They have around 5,500 employees in 60 locations (Is all our personal data also as scattered?  Are any of these locations outside the U.S.?  Within any outsourced entities?)
  • Their 2005 Annual Report is interesting (A lot of spin....A LOT.)  A few excerpts:
    • "For the first time ever, revenues exceeded one billion dollars, at $1.06 billion, a 15 percent increase over 2004."
    • "Last year, we helped more than 100 million Americans obtain fairly-priced home and auto insurance."

So they have information on at least 100 million Americans then?

    • "As of December 31, 2005, the Company recorded a charge of $8.0 million for the FTC settlement that represents the $10.0 million civil penalty, the $5.0 million fund of consumer redress initiatives, a $4.0 million charge for additional obligations under the order offset by $11.0 million anticipated recovery of these fees from the Company’s insurance carrier."

Interesting...so of the $19 million penalty, Choicepoint only had $8 million come out of their pockets...the other $11 million was covered by their insurance provider...gee, wonder if that is something that will impact their insurance score and bump up their premium...speaking of which...

This story caught my eye for another reason because I've been interested in the impact and type of insurance scores Choicepoint generates and how they impact consumers' costs for insurance.  To see a list of all the variables that go into creating your insurance score see Choicepoint's ChoiceTrust site.  There are 156 different types of situations/events listed that can impact your insurance costs...making them go higher...and some of them will be surprising to a large segment of the population.

It's truly amazing the power and impact these huge data brokers have, Choicepoint in particular, and the huge amount of personal information...some of it inaccurate but propagated...about literally hundreds of millions of people.


Comments

It is really important to make information security a part of a daily routine!
http://www.infosecuritylab.com


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.