Thursday, January 26, 2006

Data Breach Costs ChoicePoint $15 Million - But the Industry More!

In an historic settlement ChoicePoint, one of the largest re-sellers of comsumer personal data, has agreed to pay the Federal Trade Commission $15 million dollars as penance for their data breach that made headlines recently. This represents the largest civil penalty ever in the FTC's history.

This incident, the publicity that ensued, and the resulting settlement is likely to have a far reaching impact on the employment screening industry and the public it serves. Rather than enforcing reasonable and effective standards for controlling access to the information employers need to make appropriate hiring decisions, we are already seeing more restrictions on what data will be available to employers. Some of the restrictions, such as truncated dates of birth and other identifiers, are coming from within the industry in anticipation of increased government scrutiny.

Sadly, the data breaches that occurred at ChoicePoint could have easily been prevented had proper procedures been followed. The data was not stolen by hackers, nor were data tapes lost in transit. Consumer data was sold to bogus companies that used fake documentation to set up client accounts. Sources say that Choicepoint continued to sell data, such as credit reports, to these companies even after employees flagged them as suspicious. "This is an example of what can happen when a company becomes primarily sales driven", says Asset Control's President,Russ Rosenberg. "I've seen it many times in my career - a tendancy for sales to overahadow internal controls and true concern for the consumer. Data sellers see their products as quick sales and the customer gets lost in the process", Rosenberg states.

What questions should clients ask when they are shopping for a quality background screening company? First, ask if the agency is providing real court record searches and not repackaged data. Second, ask if your primary contact with the agency will be an employment screening expert and not just a salesperson. Clients need to have their questions answered by someone with human resource or security experience. Finally, ask how the agency is ensuring the security of your employees personal identifying data. "Sometimes size does matter", contends Rosenberg. "Customers tend to get lost in the behemoth sized companies. Smaller companies can give the client a more personal level of service and pricing is going to very similar".

When shopping for a background screening company don't be offended if they ask you to documentation that your business is legitimate. Their livelihood is on the line. Often agencies will ask to physically inspect your place of business, particularly if consumer credit data is involved. Current business licenses, tax ID certificates, charters, incorporation documents and other forms of documentation may be requested. Ironically, these are the same requirements imposed upon the industry by companies like Choicepoint, that they themselves chose not to follow.


At 3:01 PM, Anonymous Anonymous said...

Who would have thunk Choice Point would have been tie up with the Feds?????


Post a Comment

<< Home