Missouri Ag Reaches Agreement With Choicepoint Over Failure To Adequately Protect Its Customers’ Personal Information
May 31, 2007 -- Jefferson City, Mo. — Missouri Attorney General Jay Nixon, along with the attorneys general of 43 other states, has reached a settlement with Georgia-based ChoicePoint to resolve allegations that the company failed to adequately maintain the privacy and security of consumers’ personally identifiable information that was in its control. The assurance of voluntary compliance was filed today in Cole County Circuit Court.
ChoicePoint is a provider of identification and credential verification services to businesses, government and non-profit organizations, as it collects, maintains and distributes the personally identifiable information of consumers. Nixon says that in February 2005, ChoicePoint announced that criminals posing as legitimate businesses gained access to this personal information. After these crimes, ChoicePoint mailed more than 145,000 notices to consumers across the country whose information may have been viewed or acquired by the criminals.
In January 2006, ChoicePoint settled its case with the Federal Trade Commission, and paid $5 million into a pool to be used for consumer redress. The company also reached this separate settlement with the states, through which it is paying $500,000 to the states. Missouri will receive $5,500 of this payment for use to fund consumer education and enforcement of consumer protection laws.
“It’s important that as part of this agreement, ChoicePoint will make significant, ongoing changes in the way the company credentials new customers who have access to consumers’ personal information,” Nixon said. “Considering the threat that identity theft poses in this day and age, we expect that this or any other business that handles such sensitive information will vigilantly protect it.”
As part of the settlement, ChoicePoint is required to implement a program for developing a credentialing checklist designed to protect its reports from unauthorized or fraudulent use or access. The program includes verification of the business identity of the applicant seeking the report, that the applicant is engaged in the business they claim to be performing, and that the business has a permissible purpose for obtaining the information. ChoicePoint is also required to develop a red-flag system that will alert the company that an application may be fraudulent, and follow up with an investigation. The company is also required to perform yearly random audits to determine if its credentialing program is working, and submit to independent, third-party compliance assessments in 2008, 2010 and 2012.
Source: Missouri Attorney General
Related articles
- 2007-06-01: Missouri Ag Reaches Agreement With Choicepoint Over Failure To Adequately Protect Its Customers’ Personal Information
- 2007-06-01: Choicepoint To Pay $5,000 To Wisconsin In Multi-State Consumer Settlement
- 2007-06-01: Washington AG McKenna Announces Multistate Settlement with ChoicePoint Stemming from Data Breach
- 2007-06-01: Vermont Attorney General Sorrell Reaches Agreement With Choicepoint
- 2007-06-01: Texas Attorney General's Settlement with ChoicePoint Protects Consumers' Private Information
- 2007-06-01: South Dakota Attorney General Long Reaches Agreement with ChoicePoint
- 2007-06-01: Oregon Attorney General Reaches Agreement With ChoicePoint
- 2007-06-01: Ohio Attorney Pleased That Choicepoint Is Agreeing To Make Changes To Its Business Practices To Better Protect Ohioans
- 2007-06-01: Choicepoint Agrees To Better Protect Consumers' Info, Announces North Carolina AG Cooper
- 2007-06-01: Choicepoint will Take Measures to Safeguard Publicly Available Personal Information
- 2007-06-01: Illinois Attorney General Madigan Reaches Agreement With Choicepoint
- 2007-06-01: Idaho: ChoicePoint Agrees to Stronger Safeguards on Consumer Information