ChoicePoint: We're sorry for data leak

By Declan McCullagh, Staff Writer, CNET News.com.

Published: March 15, 2005

The chairman of ChoicePoint, which disclosed the personal information of 145,000 Americans to identity thieves, publicly apologized on Tuesday for the data mishap.

ChoicePoint's Derek Smith, also the chief executive, told a congressional committee he wanted to offer an "apology on behalf of our company," which he said would help anyone who suffered identity fraud as a result. The data disclosure has led to 750 known cases of identity fraud so far.

Smith's apology comes as Congress considers new laws in response to a series of security snafus involving not just ChoicePoint but also Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. A U.S. Senate committee held a hearing on the security of sensitive consumer information last week.

During Tuesday's hearing, two legislative approaches seemed to be the most popular: restricting the sale of Social Security numbers, and requiring companies to disclose to people when a serious security breach of their information takes place. Some states already are considering such security breach requirements, and California has enacted such a law.

Rep. Joe Barton, a Texas Republican who chairs the Energy and Commerce Committee, asked whether there was "any reason why we should not make it illegal to trade a person's Social Security number, and the data that goes with it, without their permission?"

Deborah Platt Majoras, who chairs the Federal Trade Commission, said she generally agreed with such a rule. The only exception, Majoras said, was perhaps when police or private investigators are "tracking down criminals."

But ChoicePoint's Smith said that he wasn't willing to agree that such a law would be wise.

"I'd have to better understand the definition of 'sale' and how it's done," Smith said in response to a question from Rep. Edward Markey, a Massachusetts Democrat. "There are certain circumstances where the sale of those numbers are in the consumer's best interests."

Kurt Sanford, CEO of LexisNexis, agreed: "I would not support a blanket ban on the sale of Social Security numbers."