I am the lead software arc for a competitor of Choicepoint's and, although I do feel this situation is extremely serious and understand why people are pissed off, find it odd anyone would demand that Choicepoint be closed, CEO jailed, etc...
Regardless of the privacy issues, someone is going to store, manage and sell your information because it fills a valuable need in a whole host of circumstances. It is vitally important to verify someone's background prior to oferring a job or accepting volunteers. This isn't just job justification here. It goes without saying that you cannot allow convicted thieves to work a cash register job or child molesters to volunteer for the Cub Scouts (two things that are surprisingly common). Ah.. but wait, can't the organizations verify information themselves going through county and state govt records? The answer, even if you throw away the cost, time and materials and added personnel, is no, not completely. Here's why. When people apply for a job, volunteer or anything else that requires their past be investigated, there is always a spot for your current address and sometimes a spot for your previous addresses. It used to be that the company you are applying with took your word that you lived where you said you lived and they only investigated those counties, states, etc... If you committed a crime in a county you didn't want revealed, you simply didn't fill it out. Nowadays, regardless of what you put on the application, all of your previous addresses will be discovered and searched (depending how many back the searching company is willing to pay for -- usually 3 to 5). This is a very valuable service and out of reach for companies and organizations that don't specialize in this type of research. Speaking as a father and not a background researcher, I'm glad that the Girl Scouts (using Choicepoint) screen every volunteer in this fashion . I'd think you all would be too.
Now bear in mind that I'm not defending Choicepoint. Hell, it would benefit me greatly if they were closed down. I do find their account setup procedures to be unbelievably remiss. We require DUNS number, plus corp bank account/history/references and articles of incorp (if applicable) and will not establish an account without them (even then account is ran in audit state for two months to ensure compliance). Keep in mind that if your organization wants run credit reports or motor vehicle searches, then there is an entire mountain of paperwork that must be completed, filed and approved by state DOT and the three credit companies. We also require client certs from integration clients and store no info in our db that isn't encrypted. I believe Choicepoint does the same. The way I understand that the info was compromised was that fake accounts were set up, a list of names was purchased from somewhere, and those names were then searched (either credit report or skip trace or some other identifying report) to obtain the information. Choicepoint's failure lay in social engineering and poor account verification practices.
What it comes down to is, someone is going to keep and store your information. Would you rather it was the govt with its track record of managing security and accuracy or private industry? Me, I'll take private industry.
Slashdot Mirror
I am the lead software arc for a competitor of Choicepoint's and, although I do feel this situation is extremely serious and understand why people are pissed off, find it odd anyone would demand that Choicepoint be closed, CEO jailed, etc...
.. but wait, can't the organizations verify information themselves going through county and state govt records? The answer, even if you throw away the cost, time and materials and added personnel, is no, not completely. Here's why. When people apply for a job, volunteer or anything else that requires their past be investigated, there is always a spot for your current address and sometimes a spot for your previous addresses. It used to be that the company you are applying with took your word that you lived where you said you lived and they only investigated those counties, states, etc... If you committed a crime in a county you didn't want revealed, you simply didn't fill it out. Nowadays, regardless of what you put on the application, all of your previous addresses will be discovered and searched (depending how many back the searching company is willing to pay for -- usually 3 to 5). This is a very valuable service and out of reach for companies and organizations that don't specialize in this type of research. Speaking as a father and not a background researcher, I'm glad that the Girl Scouts (using Choicepoint) screen every volunteer in this fashion . I'd think you all would be too.
Regardless of the privacy issues, someone is going to store, manage and sell your information because it fills a valuable need in a whole host of circumstances. It is vitally important to verify someone's background prior to oferring a job or accepting volunteers. This isn't just job justification here. It goes without saying that you cannot allow convicted thieves to work a cash register job or child molesters to volunteer for the Cub Scouts (two things that are surprisingly common). Ah
Now bear in mind that I'm not defending Choicepoint. Hell, it would benefit me greatly if they were closed down. I do find their account setup procedures to be unbelievably remiss. We require DUNS number, plus corp bank account/history/references and articles of incorp (if applicable) and will not establish an account without them (even then account is ran in audit state for two months to ensure compliance). Keep in mind that if your organization wants run credit reports or motor vehicle searches, then there is an entire mountain of paperwork that must be completed, filed and approved by state DOT and the three credit companies. We also require client certs from integration clients and store no info in our db that isn't encrypted. I believe Choicepoint does the same. The way I understand that the info was compromised was that fake accounts were set up, a list of names was purchased from somewhere, and those names were then searched (either credit report or skip trace or some other identifying report) to obtain the information. Choicepoint's failure lay in social engineering and poor account verification practices.
What it comes down to is, someone is going to keep and store your information. Would you rather it was the govt with its track record of managing security and accuracy or private industry? Me, I'll take private industry.
Alex