St. Petersburg Times
Special report
Video report
  • For their own good
    Fifty years ago, they were screwed-up kids sent to the Florida School for Boys to be straightened out. But now they are screwed-up men, scarred by the whippings they endured. Read the story and see a video and portrait gallery.
  • More video reports
Multimedia report
Print Email this storyEmail story Comment Email editor
Fill out this form to email this article to a friend
Your name Your email
Friend's name Friend's email
Your message

ChoicePoint data breach settlement: $15-million

The fine is the largest in the history of the FTC. Remaining is an SEC probe of top executives' stock sales.

Associated Press
Published January 27, 2006

ATLANTA - Derek Smith and the influential data broker he runs, ChoicePoint Inc., have labored to put behind them a headline-grabbing case in which con artists posed as legitimate customers to access its massive databases of consumer information.

ChoicePoint of Alpharetta, Ga., changed to restrict customer access in the past year - even winning praise from some critics - but is still finding it difficult to emerge from the shroud of scandal.

On Thursday, Smith's company agreed to pay $15-million to settle Federal Trade Commission charges that the data warehouser's security and record-handling procedures violated consumers' privacy rights. It was the largest such fine in FTC history.

The episode also lingers in the form of a Securities and Exchange Commission investigation into whether Smith and his chief operating officer improperly sold ChoicePoint shares after the company learned of the data breach but before it was made public.

Meanwhile, lawmakers in Washington might step in with tougher regulations that some say still need to be implemented to prevent another breach.

"I remain concerned that almost a year after revelations of data security breaches at ChoicePoint, Congress still has not provided Americans with what they urgently need - tough privacy safeguards to keep their personal information secure," said Rep. Edward Markey, D-Mass., who has authored two bills on the subject.

All this has been a bit of a personal trial for Smith, who saw an alternative weekly publish his home address, telephone number and the value of his suburban estate - the kinds of details that ChoicePoint sells on consumers every day. The company's customers include the federal government, insurance companies and businesses that want background checks on prospective employees.

Smith said Thursday he hasn't considered stepping down.

Company shares sank 7 percent Thursday, on a day ChoicePoint also reported a more than 29 percent decline in its fourth-quarter profit.

The FTC said that it had fined the company $10-million - the biggest the agency has ever imposed - and that ChoicePoint would pay an additional $5-million to compensate consumers.

Previously, the largest FTC fine was for $7-million against medical device maker Boston Scientific Corp. related to competition issues.

While this fine was small in one regard - ChoicePoint generated $1-billion in sales in 2005 - it was big by government standards and serves as a strong message to corporations to safeguard consumer information, said Larry Ponemon, a privacy adviser who runs a research institute.

The data breach involved thieves posing as small-business customers who gained access to ChoicePoint's database, possibly compromising the personal information of 163,000 Americans, according to the FTC. The company discovered the breach more than four months before disclosing it to the public in February 2005.ChoicePoint has said authorities asked it to keep the information secret initially.

The FTC said the number of fraud victims now stands at about 800. The company also is a defendant in several lawsuits and complaints arising from the breach. Several lawmakers said Thursday there needs to be more federal oversight of the loosely regulated data-brokering business.

Thursday's settlement requires ChoicePoint to implement new procedures to make sure only legitimate businesses with lawful purposes access its information. It also must create a comprehensive information security program and obtain audits by an independent third party security professional every other year until 2026.

The company, which has hired a privacy officer and stopped selling its reports to several kinds of customers since the breach, did not admit to any wrongdoing in the FTC inquiry.

The Securities and Exchange Commission probe is looking into trades by Smith and Doug Curling, chief operating officer, that netted them $16.6-million in profit before the breach was publicized. A California law requiring that its citizens be notified of any such leaks prompted the disclosure.

ChoicePoint has said the stock trading was prearranged and approved by the company's board. Company officials said Thursday they are cooperating with the SEC.

Smith would not say whether he has spoken to the SEC or provided documents, though he did say he is eager for the probe to conclude.

"I certainly expect it's going to be favorable as to any issue related to me or ChoicePoint," Smith said.

The FTC settlement came hours after the company reported its fourth-quarter profit fell to $27.7-million, or 30 cents a share, in the quarter ended Dec. 31, compared with a profit of $39.2-million, or 43 cents a share, for the same period a year ago.

[Last modified January 27, 2006, 01:34:02]

Share your thoughts on this story

[an error occurred while processing this directive]
Subscribe to the Times
Click here for daily delivery
of the St. Petersburg Times.

Email Newsletters