FTC Sues ChoicePoint for Sale of Consumer
Data to Identity Thieves |
1/26. The Federal Trade Commission (FTC) filed a
four count civil
complaint
[14 pages in PDF] in U.S. District Court (NDGa)
against ChoicePoint alleging violation
of the Federal Trade Commission Act (FTCA) and the
Fair Credit Reporting Act (FCRA) in
connection with its sale of personal data to identity thieves.
The FTC and ChoicePoint simultaneously filed a joint proposed
stipulated
final judgment [29 pages in PDF]. It provides that "Defendant makes no
admissions to, and denies, the allegations in the Complaint, other than the
jurisdictional facts", but that it is enjoined from violating the FTCA and the
FCRA, that it will pay a "civil penalty" of $10 Million, and pay $5 Million in
consumer redress.
See also, FTC release.
Deborah Majoras, the Chairman of the FTC, stated in this release that "The
message to ChoicePoint and others should be clear: Consumers’ private data must
be protected from thieves ... Data security is critical to consumers, and
protecting it is a priority for the FTC, as it should be to every business in
America."
ChoicePoint is a data aggregator and broker. It sells consumers' personal information
to government agencies, law enforcement entities, and private sector entities, for, among
other purposes, identification, tenant screening, and credential verification. It also
sold consumer data to identity thieves.
The FTC complaint states that "In February 2005,
pursuant to a California state law requirement, ChoicePoint notified
approximately 35,000 California consumers that it may have disclosed their
personal information to persons who did not have a lawful purpose to obtain the
information. Subsequently, ChoicePoint notified approximately 111,000 consumers
outside of California that their information may have been compromised. More
recently, it notified an additional 17,000 consumers, bringing the total to
163,000. In all cases, the information disclosed by ChoicePoint included unique
identifying information that facilitates identity theft, such as dates of birth
and Social Security numbers, as well as nearly 10,000 credit reports. At least
800 cases of identity theft arose out of these incidents."
The complaint further states that "The persons
who obtained this consumer information submitted applications to ChoicePoint and
were approved by the company to be subscribers authorized to purchase
ChoicePoint products and services. The applications contained false credentials
and other misrepresentations, which ChoicePoint failed to detect because it had
not implemented reasonable procedures to verify or authenticate the identities
and qualifications of prospective subscribers."
For example, ChoicePoint accepted "facially
contradictory or illogical application information".
Count I of the complaint alleges violation of
Section 604 of the FCRA,
which is codified at 15 U.S.C. § 1681b. This section prohibits a consumer reporting agency
(CRA) from furnishing a consumer report except for specified permissible purposes. The
complaint alleges that ChoicePoint violated this section by selling consumer reports for
non-permissible purposes.
Count II of the complaint alleges violation of
Section 607(a) of the FCRA,
which is codified at 15 U.S.C. § 1681e(a). This
section requires CRAs to maintain reasonable procedures to limit the furnishing
of consumer reports to the purposes listed under Section 604 of the FCRA,
including making reasonable efforts to verify the identity of each new
prospective user of consumer report information and the uses certified by each
prospective user prior to furnishing such user a consumer report.
Count III of the complaint alleges violation of Section 5 of the FTCA, which
is codified at
15
U.S.C. § 45(a). It provides, in part, that "Unfair methods of competition in or
affecting commerce, and unfair or deceptive acts or practices in or affecting commerce,
are hereby declared unlawful."
The complaint alleges that ChoicePoint's failure to "employ reasonable and
appropriate security measures to protect consumers' personal information" is an
unfair act or practice in violation of Section 5 of the FTCA.
Count IV of the complaint also alleges violation of Section 5 of the FTCA. This count
alleges that ChoicePoint violated Section 5 by violating the privacy policy published in
its web site, which asserts that it has implemented reasonable and appropriate measures
under the circumstances to maintain and protect the confidentiality and security of
consumers' personal information.
The complaint names only one defendant, ChoicePoint, Inc.
Also, the complaint does not allege that ChoicePoint has sold data products, without
complying with the FCRA, as non-FCRA regulated products, that are in fact products that
fall within the scope of the FCRA. Nor does the complaint allege any violation of the FTCA
for sale of products that fall outside of the scope of the FCRA, but that
nevertheless circumvent the policy that underlies the FCRA.
For example, on December 16, 2004, the Electronic
Privacy Information Center (EPIC) wrote a
letter
to the FTC in which it urged the FTC to investigate this topic. The EPIC
asserted that data aggregation companies are now structuring their electronic databases,
and data products, to fall outside of the scope of the FCRA, thereby threatening individual
privacy, and the policy goals underlying the FCRA.
The EPIC wrote that "Americans face a return to the pre-FCRA era if companies
like ChoicePoint can amass dossiers on Americans without compliance with any
regime of Fair Information Practices. That era was marked by unaccountable data
companies that reported inaccurate, falsified, and irrelevant information on
Americans, sometimes deliberately to drive up the prices of insurance or credit.
To some extent, this pre-FCRA area has returned." (Footnote omitted.)
See, story titled "EPIC Urges FTC to Open Investigation on Data Products and
FCRA" in TLJ Daily
E-Mail Alert No. 1,042, December 22, 2004.
FTC action on this issue could impact sales of data to government and law
enforcement agencies.
ChoicePoint is represented in this action by Robert Belair, Karla Letsche and
Kevin Coy of the law firm of Oldaker Biden &
Belair, and by Joel Jankowsky and Daniel McInnis of the law firm of
Akin Gump Strauss Hauer & Feld.
ChoicePoint issued a
release on January 26, 2006, regarding its revenues. It reported "record total
revenue of $1.1 billion for 2005, a 15 percent increase over total revenue in
2004."
It continued that "Full year 2005 Earnings Per Share ("EPS") from
continuing operations was $1.53, which included a $0.24 per share dilutive effect of
specific expenses related to the previously disclosed fraudulent data access, a
probable settlement with the Federal Trade Commission ("FTC"), and the
abandonment of certain leases."
It also stated that it "expects to finalize a settlement with the FTC
regarding its investigation into the Company's compliance with federal laws
governing consumer information security and related issues, including the
fraudulent data access which occurred last year. The Company expects the terms
of the settlement to call for a civil penalty, establishment of a fund to be
administered by the FTC for consumer redress initiatives, completion of certain
one-time and on-going customer credentialing activities such as additional site
visits, and undertaking additional obligations relating to information security.
As part of this settlement, the Company does not admit to the truth of, or
liability for, any of the matters alleged by the FTC."
And, it stated that "On-going legal expenses related to the fraudulent data
access are currently estimated at $4 to $6 million for 2006, exclusive of any
potential settlements, with the majority of these expenses incurred during the
first two quarters."
See also, stories titled "EPIC Seeks Congressional Hearing and FTC Workshop
on Data Products and FCRA" in
TLJ Daily E-Mail
Alert No. 1,052, January 10, 2005; "ChoicePoint Describes Its Sale of Data
to Identity Thieves" in
TLJ Daily E-Mail
Alert No. 1,081, February 23, 2005; "Senate Banking Committee Holds Hearing
on Data Security" in
TLJ Daily E-Mail
Alert No. 1,093, March 11, 2005; "House Subcommittee Holds Hearing on Data
Aggregators" in TLJ
Daily E-Mail Alert No. 1,096, March 16, 2005; and "Senate Judiciary
Committee Holds Hearing on Data Security" in
TLJ Daily E-Mail
Alert No. 1,115, April 14, 2005.
Also, on January 26, 2006, the Department of the Treasury (DOT) began sale of a
DVD, for $2, titled "Identity Theft: Outsmarting the Crooks". See, DOT
release.
|
|
|
Korea Relaxes Trade Barriers to
Foreign Movies |
1/26. The government of South Korea announced in a
release that it has "decided to halve its 40-year-old ``screen quota,´´ the
mandatory period for theaters to show domestic films every year, to 73 days, to
clear the way for its free trade agreement (FTA) with the United States." Korea
also stated that this rules out the possibility of a complete abolition.
Bob Portman, the U.S. Trade Representative (USTR),
stated in a
release
that "The decision by Korea to liberalize its restrictions on foreign films is good
news for Korean movie-goers and the US film industry. The long-standing Korean requirement
that domestic films be shown on local theater screens 146 days out of the year placed US
movies at a significant disadvantage. Today’s move to reduce the requirement by half to 73
days will help level the playing field and increase movie choices for Koreans."
He added that "Over the years, the South Korean movie industry has become
increasingly competitive and it has recently gained an international reputation
for producing high quality material. Now is the right time to give Korean
cinemas more flexibility regarding what they can and cannot show."
|
|
|
Bush Asserts Power to Use Technology to
Protect the American People |
1/26. President Bush held a news conference at the White House. He was asked
about the National Security Agency's (NSA)
extrajudicial surveillance of communications where one party is in the U.S. and
one party is outside. Bush asserted that he has authority "to use technology to
protect the American people".
He said also that "I'm going to continue using my authority. That's what the
American people expect." See,
transcript.
Bush added that "the FISA law was written
in 1978. We're having this discussion in 2006. It's a different world."
|
|
|
|
Washington Tech Calendar
New items are highlighted in red. |
|
|
Friday, January 27 |
The House will not meet. It will convene for the 2nd Session of the 109th
Congress on Tuesday, January 31, 2006. See, Majority Whip's
calendar.
The Senate will meet at 12:00 NOON. It will resume consideration of
Sam Alito to be a Justice of the Supreme Court.
9:30 AM - 1:00 PM The DC
Bar Association will host a continuing legal education (CLE) seminar titled
"Essential Checklist for Electronic Discovery". The speakers will
include Kenneth Withers (The Sedona Conference), Judith Kinney (Legal Technologies
Consulting, Kroll Ontrack), Robert Eisenberg (DOAR Litigation Consulting), Magistrate
Judge John Facciola (U.S. District Court, DC), and Jonathan Redgrave (Redgrave Daley
Ragan & Wagner). The price to attend ranges from $70-$125. For more information,
call 202 626-3488. See,
notice.
Location: D.C. Bar Conference Center, 1250 H Street NW, B-1 Level.
12:00 NOON - 1:30 PM. The Progress and
Freedom Foundation (PFF) will host its "Second Annual Media Luncheon".
RSVP to Amy Smorodin at 202-969-2957 or asmorodin at pff dot org. Location: The City
Club of Washington at Franklin Square, 1300 I Street, NW.
|
|
|
Sunday, January 29 |
Deadline to submit replies to oppositions to the U.S. Telecom Association's
petition [PDF] seeking reconsideration and clarification of the
Federal Communications Commission's (FCC) CALEA
order. This is the FCC's order that provides that facilities based broadband service providers
and interconnected VOIP providers are subject to requirements under the 1994
Communications
Assistance for Law Enforcement Act (CALEA). See,
notice
in the Federal Register, January 4, 2006, Vol. 71, No. 2, at Pages 345 - 346.
|
|
|
Monday, January 30 |
10:00 AM - 5:00 PM. The Federal
Communications Commission's (FCC) advisory committee named "Independent Panel
Reviewing the Impact of Hurricane Katrina on Communications Networks" will meet. See,
FCC release
[PDF]. Location: FCC, Commission Meeting Room, 445 12th Street, SW.
4:00 - 5:30 PM. The
American Enterprise Institute (AEI) will host a panel
discussion titled "The WTO Dispute Settlement System and Developing
Countries". Marc Busch
(Georgetown University) and Eric
Reinhardt (Emory University) will present a paper. The other speakers will be Timothy
Reif (House Ways and Means Committee staff),
Jay Smith (Georgetown University law school), and Claude Barfield (AEI). See,
notice. Location: AEI, 12th floor, 1150 17th St., NW.
|
|
|
Tuesday, January 31 |
Alan
Greenspan's last day as Chairman of the
Federal Reserve Board (FRB).
The House will convene for the 2nd Session of the
109th Congress. See, Majority Whip's
calendar. Votes will begin at about 3:30 PM.
RESCHEDULED FOR JANUARY 24. 10:00 AM. The
Senate Commerce Committee
(SCC) will hold a hearing titled "Broadcast and Audio Flag". Press
contact: Melanie Alvord (Stevens) at 202 224-8456, Aaron Saunders (Stevens) at 202 224-3991,
or Andy Davis (Inouye) at 202 224-4546. The hearing will be webcast by the SCC.
Location: __.
RESCHEDULED FROM JANUARY 24. 10:00 AM. The
Senate Commerce Committee (SCC) will hold a
hearing titled "Video Franchising". The
witnesses will be Ivan Seidenberg (Verizon), James Ellis (AT&T), Thomas Rutledge
(Cablevision Systems Corporation), Brad Evans (Cavalier Telephone), Lori Tillery
(National Association of Telecommunications Officers and Advisors), Anthony
Riddle (Alliance for Community Media), Gene Kimmelman (Consumers Union), and Gigi
Sohn (Public Knowledge). See,
notice. Press
contact: Melanie Alvord (Stevens) at 202 224-8456, Aaron Saunders (Stevens) at 202 224-3991,
or Andy Davis (Inouye) at 202 224-4546. The hearing will be webcast by the SCC. Location:
Room 562, Dirksen Building.
RESCHEDULED FROM JANUARY 24. 2:30 PM. The
Senate Commerce Committee (SCC) will hold a
hearing titled "Video Content". See,
notice. Press
contact: Melanie Alvord (Stevens) at 202 224-8456, Aaron Saunders (Stevens) at 202 224-3991,
or Andy Davis (Inouye) at 202 224-4546. The hearing will be webcast by the SCC.
Location: Room 562, Dirksen Building.
9:00 PM. President Bush will give a speech titled "State
of the Union Address" to a joint session of the House and
Senate. Location: U.S. House of Representatives.
Extended deadline to submit comments to the
Internet Corporation for Assigned Names and Numbers
(ICANN) regarding its Policy Development Process on new gTLDs. See, ICANN
notice.
Extended deadline to submit nominations for members of the Spectrum
Management Advisory Committee to the Department of Commerce's
National Telecommunications
and Information Administration (NTIA). See, original NTIA
release and
notice
of extension.
|
|
|
Wednesday, February 1 |
2:00 - 4:00 PM. The Department of State's
International Telecommunication
Advisory Committee (ITAC) will hold the fourth in a series of weekly meetings to
prepare for the International Telecommunications Union's (ITU)
2006 ITU Plenipotentiary Conference,
to be held November 6-24, 2006, in Antalya, Turkey. See,
notice in the Federal Register, December 21, 2005, Vol. 70, No. 244, at Page 75854.
This notice incorrectly states that these meetings will be held on Tuesdays; they are on
Wednesdays. For more information, contact Julian Minard at 202 647-2593 or minardje at
state dot gov. Location: AT&T, 1120 20th St., NW.
Ben Bernanke begins his term as Chairman of the
Federal Reserve Board (FRB).
Deadline for the National
Cable & Telecommunications Association's (NCTA) and
Consumer Electronics Association (CEA) to file their
third round of status reports with the Federal
Communications Commission (FCC) regarding progress in talks regarding the
feasibility of a downloadable security solution for integrating navigation and
security functionalities in cable set top boxes. See, FCC's
Second Report and Order [37 pages in PDF] adopted and released on March 18,
2005. This order is FCC 05-76 in CS Docket No. 97-80. See also, FCC
release [PDF] summarizing this order, and story titled "FCC Again Delays
Deadline for Integrating Navigation and Security Functionalities in Cable Set
Top Boxes" in TLJ Daily E-Mail Alert No. 1,099, March 21, 2005. See also,
notice of extensions (DA 05-1930) [2 pages in PDF].
|
|
|
Thursday, February 2 |
9:30 AM. The
Senate Judiciary Committee may hold an executive business meeting.
Location: Room 226, Dirksen Building.
Deadline to submit reply comments to the
Copyright Office in response to its notice of
inquiry (NOI) regarding exempting certain classes of works from the prohibition against
circumvention of technological measures that control access to copyrighted works. See,
17 U.S.C. § 1201(a), and
notice in the Federal Register, October 3, 2005, Vol. 70, No. 190, at
Pages 57526 - 57531.
Deadline to submit reply comments to the
Federal Communications Commission (FCC) in
response to its
Notice of
Proposed Rulemaking (NPRM) [24 pages in PDF] regarding amendments to its
unsolicited facsimile advertising rules and the established business relationship
(EBR) exception to the rules. This NPRM was adopted by the FCC on December 9, 2005, and
released on December 9, 2005. It is FCC 05-206 in CG Docket No. 02-278. See,
notice in the Federal Register, December 19, 2005, Vol. 70, No. 242, at
Pages 75102 - 75110.
Deadline to submit reply comments to the
Federal Communications Commission (FCC) in response to a
petition for declaratory ruling [34 pages in PDF] filed by the Fax Ban Coalition
that asks the FCC to find that the FCC has exclusive authority to regulate interstate
commercial fax messages, and that § 17538.43 of the California Business and
Professions Code, and all other State laws that purport to regulate interstate
facsimile transmissions, are preempted by the TCPA, which is codified at
47 U.S.C. § 541.
|
|
|
Friday, February 3 |
9:30 AM. The U.S.
Court of Appeals (DCCir) will hear oral argument in Mobile Relay
Association v. FCC, No. 04-1413. Judges Sentelle, Henderson and Tatel will preside.
This is a case regarding the FCC reorganization of the 800 MHz band. See, FCC
brief [PDF]. Location: Prettyman
Courthouse, 333 Constitution Ave., NW.
|
|
|
About Tech Law Journal |
Tech Law Journal publishes a free access web site and
subscription e-mail alert. The basic rate for a subscription
to the TLJ Daily E-Mail Alert is $250 per year. However, there
are discounts for subscribers with multiple recipients. Free one
month trial subscriptions are available. Also, free
subscriptions are available for journalists,
federal elected officials, and employees of the Congress, courts, and
executive branch. The TLJ web site is
free access. However, copies of the TLJ Daily E-Mail Alert are not
published in the web site until one month after writing. See, subscription
information page.
Contact: 202-364-8882.
P.O. Box 4851, Washington DC, 20008.
Privacy
Policy
Notices
& Disclaimers
Copyright 1998 - 2005 David Carney, dba Tech Law Journal. All
rights reserved. |
|
|