Sunday, January 29, 2006

"Next time you break into our database, could you please leave the Californians alone?"

On Thursday the Federal Trade Commission (FTC) and consumer targeting information company ChoicePoint reached a landmark $15 million settlement for endangering the privacy of more than 160,000 consumers in February 2005.

The settlement includes a $10 million fine, the largest so far for a privacy breach.

A further $5 million is set aside by ChoicePoint to compensate consumers who fell victim to identity theft as a result of the breach. Since the FTC said 800 consumers ended up being victimized, this settlement sets an interesting benchmark of around $60,000 per record for privacy breach compensation where marketing data are involved.

ChoicePoint's database was compromised by criminals who set up fraudulous accounts that enabled them to access 162,000 records. Interestingly the whole affair only came to light because ChoicePoint had to comply with California's 2003 disclosure law, requiring the company to disclose security breaches to state residents whose information has been affected.

No comments: