Posted by Peter Mucklestone and Stuart Louie

On January 26, 2006, the Federal Trade Commission announced that a settlement had been reached with consumer data broker, ChoicePoint, Inc. ChoicePoint was charged with (i) violating the Fair Credit Reporting Act (FCRA) by furnishing consumer reports to subscribers who did not have a permissible purpose to obtain them, (ii) failing to maintain reasonable procedures to verity both the subscribers’ identities and how such subscribers intended to use such information, and (iii) making false and misleading statements about its privacy policies. As a direct result of these violations, the personal financial records of more than 163,000 consumers were compromised resulting in no less than 800 cases of identity theft.

The terms of the settlement require ChoicePoint to pay $10 million in civil penalties and $5 million in consumer redress. In addition, ChoicePoint must implement new procedures to ensure that it provides consumer reports only to legitimate business for lawful purposes, to establish and maintain a comprehensive information security program, and to obtain audits by an independent third-party security professional every other year until 2026.

Deborah Platt Majoras, Chairman of the FTC, acknowledge that, “the message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves. Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America.”

More information here.