ChoicePoint -- What We Learned from Our Screw-up

xpangler points out an article in Baseline magazine in which "ChoicePoint's lead privacy & compliance executives talks about the 'more than 30' new practices and procedures the company has put in place since it mistakenly sold private data on 163,000 people to Nigerian criminals last year."

Re:Mental translation

[Red+Flayer]

As evidenced by (FTFA):

Another new measure: ChoicePoint this month created a security advisory committee comprised of DiBattiste, the company's CIO, head of internal audit, the chief business officer, chief marketing officer, chief administrative officer and general counsel. The group meets regularly "to ensure we're hitting every aspect of security and privacy," says DiBattiste.

Emphasis mine.

Maybe it's just me, but a roomful of CxOs, including the CMO (WTF? What's wrong with VP of Marketing?[1]), plus a lawyer can only equal one thing -- a PR push plus some moves to limit liability.

[1] Speaking of stupid CxO titles, what the hell is a "Chief Administrative Officer"? We call those "Office Managers" around here... or maybe even "Chief Operations Officer" if we're feeling perky. But who wants a title that screams "Long-tenure secretary"? Maybe it's just a problem with assigning titels to people who sit on the board of a company (e.g., are legal Officers) but fulfill more mundane roles in terms of operations.

Re:Mental translation

THERE ARE NO REPERCUSSIONS! They say oops, a couple of blogs report it, and life goes on for them.

That was my point. If the worse thing that will happen is a small fine and a hand slap, why would they take the risk of actually doing something illegal and going to jail by actually trying to cover up the mistake?

Non-US?

[mr100percent]

ChoicePoint has blocked access to its network from all non-U.S. Internet addresses, with a few exceptions that DiBattiste declined to detail.

To who? ECHELON?

Love this quote...

[Rinzai]

And the company now encrypts all data feeds...

Oh. NOW. That would have been my first idea. Sensitive data? Encrypt it!

That's why I don't work in network security.

Re:Now they need to do quality control

[Poltron+Inconnu]

Nice way to not read your own FA. He worked for Fry's, not Home Depot.

Turn off the spin

[HardCase]

What repercussions? Did they lose business? Sure they got hit with a 10 million dollar fine but look at their financial statements, that is barely a drop in the bucket for them.

It was a total of $15 million, plus another $4 million in other obligations imposed by the FTC (like third party auditing). Insurance covered $11 million of the $19 million, but Choicepoint had to pony up $8 million of their own money. If you look at their financial statments, you'll see that it's no slap on the wrist - it represented half of their cash. In terms of yearly income, it's about 7% of what the company makes. Plus, I suspect that their insurer will either raise their liability insurance rates or drop them altogether.

I'd say that the penalty was fair. It's not necessary to drive the company out of business - just necessary to give them a sting so that they don't do it again.

-h-

Progress Indeed

[SupremoMan]

I have used Choice Point products at my last job. Following their little... ummm... mishap they changed my username (which they assign) from the first latter of my first name followed by my last name to random assortment of character. Progress indeed.

Their Other "Mistake"

[edward.virtually@pob]

When are they going to talk about their "mistake" in 2000 when they helped Bush steal the election in Florida by illegally removing blacks from the voting rolls? Or has everyone forgotten about that by now? It'd sure be nice to see some of these traitors to our country get their Constitutionally mandated punishment, vs. being interviewed in magazines.

Consider the Source

[ZWithaPGGB]

Ms. DiBattiste doesn't have a very good rep as a privacy advocate.