ChoicePoint CEO grilled by Congress

Members of Congress grilled ChoicePoint CEO Derek Smith on Tuesday, demanding the company do more to protect customers in the wake of the massive information leak at the database giant.

"The incident has caused us to go through some serious soul searching," Smith said, testifying at a hearing held by the House Subcommittee on Commerce, Trade, and Consumer Protection.

ChoicePoint revealed last month that thieves had accessed the personal information of 145,000 U.S. consumers from the firm. 

Smith said ChoicePoint has now abandoned part of the data sales market would support some new legislation, including wider notification to victims.

Rep. Edward J. Markey, D-Mass., was one of several House members who expressed frustration with ChoicePoint and the commercial data industry, which has suffered several high-profile data leaks recently.

"This is an industry that's still in denial," Markey said. "And it hopes to be able to ride out this scandal without Congress passing serious privacy legislation."

Kurt Sanford, chief executive officer of Lexis Nexis, also testified at the Capitol Hill hearing. His firm recently revealed similar data leaks involving 32,000 consumers.

Ban on sale of SSNs?
Both CEOs were questioned about proposed legislation to regulate the sale of personal information, including bills that would make the sale of Social Security numbers illegal in certain circumstances, and give consumers the right to dispute inaccurate information stored by commercial data brokers.

‘If I want somebody to have my Social Security number, I will give it to them. ... But it's routinely given without my permission, and I just think that's fundamentally unfair.’ — Rep. Joe Barton, R-Texas

"I just think that's wrong," to sell personal information without informing the consumer, said Rep. Joe Barton, R-Texas. "If I want somebody to have my Social Security number, I will give it to them. ... But it's routinely given without my permission, and I just think that's fundamentally unfair."

Markey compared the burgeoning commercial data broker industry to an open street market in Bombay, India.

"How would consumers feel if they discovered that while they take extra precautions to guard their personal information, their names, Social Security numbers, tax records, credit histories and employment documents were piled high into wheelbarrows and baskets and sold to the highest bidder?" Markey asked. "Right here, get your Social Security numbers. Medical records, employment history, cheaper by the dozen."

Smith and Sanford said they were opposed to legislation banning the sale of Social Security numbers, arguing that the sale of personal information was important to fight fraud and assist law enforcement in its investigations.

"The privacy debate should not be a debate between civil defense and civil liberty," Smith said.  "We should strive to protect both."

Both Smith and Sanford said they would support some new regulation of their firms and the commercial data brokerage industry, including a national law requiring notification of consumers if their personal information has been stolen and they face "substantial risk."

BOB SULLIVAN ON CHOICEPOINT THEFT Database giant gives access to fake firms Read the Feb. 14 story that started it all Data theft affects 145,000 nationwide Suspect agrees to plea deal ChoicePoint files found riddled with errors No easy way to fix mistakes, either ChoicePoint CEO grilled by Congress Data broker backs some new regulations, Smith says

A version of that law in California led to the initial disclosure of the ChoicePoint incident. They also said they would support extending the so-called "Safeguard Rule", passed as part of the Financial Modernization Act, to data brokerages. The rule gives the Federal Trade Commission oversight of data safety procedures at financial institutions.

"We share the subcommittee's concerns,"  Sanford said. "We support legislation that imposes stringent penalties for misuse of information."

In earlier testimony before the committee, FTC chairwoman Deborah Platt Majoras said her agency supported similar proposals.

But Marc Rotenberg, executive director of the Electronic Privacy Information Center, told the hearing that more extensive regulation was required.

"There has been discussions with the Federal Trade Commission ... but there has been no discussion with consumer organizations regarding what might be effective privacy protection."

MORE FROM SECURITY

Security Section Front

Debate over possible responses to cyber attacks   Experts work to untangle cyber attacks S. Korean Web sites under renewed attack White House among targets of cyber attack U.S. eyes N. Korea for ‘massive’ cyber attacks How a denial-of-service attack works A look at Estonia’s cyber attack in 2007 Researchers say they can guess your SSN Chinese go online to vent ire at Xinjiang unrest Dell launches digital forensics service for police Security Section Front   Add Security headlines to your news reader: