Lawmakers Grill Choice Point Over Security Concerns

The hearing follows a furor after criminals breached confidential files at the data broker.

By Marc Lifsher

Times Staff Writer

March 31, 2005

SACRAMENTO ‘ Data broker ChoicePoint Inc., the focus of a national
furor over privacy, said Wednesday that it supported legislation that
would allow people to see ‘ and correct, if necessary ‘ records the
company kept on them.

Don McGuffey, the company’s vice president for data acquisition, told
the state Senate’s Banking, Finance and Insurance Committee that
ChoicePoint was developing a system to give individuals "a single point
of access" to review a variety of reports generated from databases that
are sold to law enforcement and government agencies, employers,
landlords and insurers.

"You will receive the reports that we have on you," McGuffey said at a hearing.

ChoicePoint, based in Alpharetta, Ga., revealed last month that
identity thieves had tapped confidential data in its files on as many
as 145,000 people. As part of an effort to prevent a recurrence, the
company is altering millions of records to keep clients from seeing
full Social Security or driver’s license numbers, McGuffey said.

ChoicePoint’s offer to give people access to their own data
appears to be at least conceptually in line with the wishes of the
committee chairwoman, Sen. Jackie Speier (D-Hillsborough). Speier
recently introduced a bill aimed at regulating the burgeoning data
sales industry.

Although the proposal ‘ which so far contains few specifics ‘
would not directly address the problem of identity theft, it would
bring accountability to a business "that has grown up overnight with no
regulations whatsoever," Speier said.

It’s unclear whether lawmakers will seek to require companies
to provide people with access to their own records for free; another
data broker represented at Wednesday’s hearing, the LexisNexis unit of
Reed Elsevier, said it provided consumers with access only to data
compiled from public records ‘ and charged them $22.

Privacy advocates supported Speier’s efforts. "Consumers have
to jump over many hurdles to find out what information is out there," said Richard Holober, executive director of the Consumer Federation of California.

Government must help people get information from their own files, said
Elizabeth Rosen, a Los Angeles registered nurse who testified at
Wednesday’s hearing. Rosen and about 35,000 other Californians got
letters last month from ChoicePoint warning them that their records had
been seen by criminals posing as merchants. The personal and financial
information could be used to open phony credit card accounts or to buy
goods under an assumed name.

Rosen said ChoicePoint’s letter to her also indicated that she
had been involved in a crime and that law enforcement officers were
investigating the matter ‘ without explaining the crime or indicating
whether it resulted from the theft of her records. Rosen said she was
afraid "that a terrorist was using my identity" and she wanted to
review her complete record with ChoicePoint.

ChoicePoint, she said, refused to make all the information available,
and the six pages of data drawn from public records it sent her were
full of mistakes, listing erroneous addresses, business ownerships and
employment.

ChoicePoint’s McGuffey said he was unfamiliar with Rosen’s case.

ChoicePoint wrote to Rosen only because of a 2003 California
law, the first in the nation, that forced the company to contact all
potential identity theft victims in the state. Later, the company
voluntarily informed 110,000 people in other states after the incident
drew widespread attention, provoking expressions of outrage from
lawmakers.

The Los Angeles County Sheriff’s Department said it had found 750
people allegedly defrauded by the identity theft gang. The group
operated for more than a year before the arrest in October of a man
living in North Hollywood, the Sheriff’s Department said.

Article licensing and reprint options

Copyright 2005 Los Angeles Times