Paying for Poor Security

Paying for Poor Security

by / July 28, 2005
When data warehouse giant ChoicePoint revealed earlier this year that it was fooled by scammers into releasing personal data on 145,000 citizens throughout the United States, the company, in effect, revealed that those folks are among the millions of people vulnerable to ID theft.

Worse, this is the second time ChoicePoint's safe has been cracked. Unfortunately for those whose identities were compromised, the company kept the first incident a secret.

ChoicePoint is not alone in its culpability. According to a Washington Post article, nearly 50 million personal accounts stolen from private companies are vulnerable to ID theft.

Those 50 million people are now at risk of joining the approximately 10 million people per year who find themselves victims of identity fraud. Each victim will spend an average of 600 hours and about $1,400 straightening out the ensuing mess, according to the Consumers Union.

ChoicePoint offered each of the 145,000 victims one year of free credit monitoring as compensation, but one attorney says that's not enough time for a potential victim to know if his or her identity is being used fraudulently.

Attorney Peter Binkow is suing ChoicePoint, saying he wants the company to extend the year of free credit monitoring. He may even ask for monetary damages.

Binkow's client happens to be the mother of one of his law firm partners. She received a letter from ChoicePoint saying her personal information had been compromised, and like most victims, had no idea what to do. So she took the letter to her son.

Experts say it's unlikely that a suit against ChoicePoint would yield a monetary reward, but that such a reward may just be the incentive needed to induce private-sector companies to protect consumers' personal data.

That's one of the messages coming through loud and clear in this month's Q&A interview with internationally renowned security guru Bruce Schneier.

He believes that selling personal information should be illegal, and that private enterprises should assume more responsibility for identity fraud affecting their customers. Schneier said basic economics clearly shows that the problems will persist until banks and other institutions are held liable for fraud.

Schneier points to Europe as having better data protection laws than the United States, and suggests the U.S. government play a role in this fight as well -- passing laws that regulate the security and privacy of the personal information with which it is entrusted.

That step seems unlikely, given the federal government's trend of seeking more data on citizens despite privacy concerns.
Jim McKay, Justice and Public Safety Editor Justice and Public Safety Editor