Choicepoint will Take Measures to Safeguard Publicly Available Personal Information

May 31, 2007 -- INDIANAPOLIS, IN – Indiana Attorney General Steve Carter, along with the attorneys general of 43 other states, have announced a settlement with ChoicePoint to resolve allegations that the company failed to adequately maintain the privacy and security of consumers’ personally identifiable information in its control.

ChoicePoint is a provider of identification and credential verification services to businesses, government and non-profit organizations. ChoicePoint, among other things, collects, maintains, and distributes consumers’ personally identifiable information. In February 2005, ChoicePoint announced that criminals posing as legitimate businesses gained access to consumers’ personally identifiable information. ChoicePoint, using the California breach notification law as a guide, mailed more than 145,000 notices to consumers across the country whose information may have been viewed or acquired, 2,300 Indiana residents were affected.

Article continues below...

As part of the settlement with the state attorneys general, ChoicePoint will make ongoing changes in the way that the company credentials new customers who have access to personally identifiable information.

A data broker has agreed to safeguard publicly available information using the same credentialing methods as it uses to safeguard financial information that is protected by law. Certain sensitive publicly available information, including Social Security numbers, will now receive greater protection.

“Altering business practices to protect personal identifying information is a reality in this age of technology,” Indiana Attorney General Steve Carter said. “Companies should learn from this unfortunate situation that put thousands of people at risk of identity theft.”

ChoicePoint will pay $500,000 to the states for costs.

In January 2006, ChoicePoint paid $10 million in penalties and another $5 million for consumer restitution under a settlement with the Federal Trade Commission.

Under that settlement, consumers will receive out-of-pocket expenses as a result of identity theft that occurred from the breach. The deadline to submit a claim form to the FTC is June 22, 2007. Eligibility requirements and the form are available at: http://www.ftc.gov/bcp/conline/cases/choicepoint/index.shtm.

Examples of expenses for which consumers may be reimbursed:
- Unauthorized charges on existing accounts NOT covered by bank or credit card company
- Money paid on new accounts opened in consumer’s name
- Money paid to a debt collector on new accounts opened in consumer’s name
- Cost of ordering new checks
- Cost to file or receive copy of police report
- Notary fees
- Costs associated with correcting unauthorized charges and/or disputing incorrect information

Joining Indiana in today’s settlement are: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, West Virginia, Wisconsin and the District of Columbia.

Source: Indiana Attorney General