Jump to content

ChoicePoint backs ID theft penalties


Recommended Posts

ChoicePoint backs ID theft penalties, Marketwatch.com, Mar 15

"ChoicePoint said in February it had inadvertently sold the records of around 145,000 individuals to criminals.

"I support increased penalties -- criminal penalties -- for the unauthorized access to information," ChoicePoint (CPS: news, chart, profile) CEO Derek Smith said in remarks prepared for delivery to a House Energy and Commerce subcommittee.

Smith testified along with Kurt Sanford, the president of LexisNexis, whose Seisint unit was a victim of a criminal break-in earlier this month. LexisNexis is part of Anglo-Dutch publishing company Reed Elsevier (RUK: news, chart, profile) (ENL: news, chart, profile) .

LexisNexis is notifying about 32,000 individuals whose personal identification, like Social Security numbers and driver's license information, may have been accessed. Sanford told the subcommittee in written remarks that the company expects to complete mailing notices by Wednesday.

Both Smith and Sanford told lawmakers they support notifying customers when any unauthorized access occurs.

"I support a single, reasonable, nationwide mandatory notification requirement of any unauthorized access to personally identifiable information," Smith said.

Sanford said LexisNexis supports notification when there is "substantial risk of harm to consumers." He echoed Smith in calling for tougher penalties for identity theft and said law enforcement should have greater resources to fight computer hackers."

Link to comment
Share on other sites

You can read the whole text via the FTC search engine. Basically:

The Safeguards Rule requires financial institutions to implement a written program to secure customers’ information.

In addition to mortgage companies and other traditional financial institutions, the Rule covers entities such as payday lenders, tax preparers, auto dealers, credit counselors, and retailers that issue credit cards.

To accommodate the wide range of institutions covered, the Rule allows each institution to develop a program that is appropriate to its size and complexity, the sensitivity of the information it handles, and the nature and scope of its business.

Each institution is required to: (1) assign employees to oversee the program; (2) conduct a risk assessment; (3) take steps to control the risks identified; (4) contractually require service providers to protect customers’ information; and (5) make periodic updates to its security program.

So, the 2 politicians who decided to introduce legislation (making everyone think THEY came up with it), are oblivious that what they were introducing is already in print.

Link to comment
Share on other sites

  • 2 weeks later...
This topic is now closed to further replies.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.. For more information, please see our Privacy Policy and Terms of Use.