Slashdot Mirror

← Back to Stories (view on slashdot.org)

ChoicePoint -- What We Learned from Our Screw-up

Posted by ryuzaki0 on from the ahem-ahem-ahem dept.

xpangler points out an article in Baseline magazine in which "ChoicePoint's lead privacy & compliance executives talks about the 'more than 30' new practices and procedures the company has put in place since it mistakenly sold private data on 163,000 people to Nigerian criminals last year."

3 of 60 comments (clear)

  1. Mental translation by finkployd · · Score: 4, Insightful

    Perhaps I am too cynical, but when I see this:
    Carol DiBattiste, ChoicePoint's chief credentialing, compliance and privacy officer, says the company has taken numerous steps in the past year to make sure such a breach never happens again.

    I cannot help but think they actually mean:
    Carol DiBattiste, ChoicePoint's chief credentialing, compliance and privacy officer, says the company has taken numerous steps in the past year to make sure such a breach is never made public again.

    Really, the ONLY consequence a company like this suffers from a breach is negative publicity and maybe a token fine. Even bad publicity is not really a problem for them since the people they hurt have no say in whether or not to do business with them.

    When that is the case, I'll bet it much easier to clamp down on leaks and not reveal breaches to the public/government than prevent them.

    Finkployd

    1. Re:Mental translation by aztec+rain+god · · Score: 4, Insightful

      Isn't the real lesson from that whole debacle that Choicepoint has no business handling my personal information? It seems to me like if they really were to 'get it', they would find a different line of work to be in, and perhaps do some form of good for humanity. In my mind, the real transgression going on wasn't the 160,000- odd cases of Nigerians getting their hands on the personal data, its the unknown number of 'legitimate' transactions.

      I think you've hit a good point, that people have no say as to what is done with their info. There really needs to be a mechanism, or a form or something where I can tell Choicepoint to delete any records having to do with me.

      --
      Sig cannot be found.
  2. Pop quiz by Rob+T+Firefly · · Score: 4, Insightful
    It's enhanced user ID and password protections--if employees forget their passwords, they must take a five-question quiz (example: "What year was your Social Security number issued?") to reset it; if they fail that, they must pass a 15-question quiz with a systems administrator.
    I'm sure that makes everyone feel better and inspires lots of Holy Grail "What... is your favorite color?" gags, but as long as the info exists in records for someone to verify, it's open to being copied and used by the wrong people.
    --
    Slashdot Burying Stories About Slashdot Media Owned