(Phoenix, Ariz. – May 31, 2007) Attorney General Terry Goddard today announced a multi-state $500,000 settlement with ChoicePoint, a Georgia-based company, resolving allegations that it failed to adequately maintain the privacy and security of consumers’ personally identifying information stored in its database. Goddard joined 43 other state Attorneys General in this settlement.
ChoicePoint provides identification and credential verification services to credit providers, government agencies, landlords and others who perform credit history and background checks. Among its activities, ChoicePoint collects, maintains and distributes personally identifying information.
In February 2005, ChoicePoint announced that identity thieves posing as legitimate businesses gained access to personally identifying information. At least four individuals have been convicted of crimes related to the fraud and are incarcerated.
In the wake of these crimes, ChoicePoint mailed more than 145,000 notices to consumers across the country whose information may have been viewed or acquired by the ID thieves.
This settlement requires ChoicePoint to make significant changes in the way it credentials new customers who have access to personally identifying information. For the first time, a data broker has agreed to safeguard publicly available personal information using the same strict credentialing methods it now uses to safeguard financial information that is protected by law.
“This settlement is an important step in protecting consumers from becoming victims of ID theft through no fault of their own,” Goddard said.
The settlement, in the form of an Assurance of Discontinuance, requires ChoicePoint to pay the participating states $500,000. Among other things, ChoicePoint agreed to follow new procedures designed to verify the legitimacy of a customer applying for access to personal information. ChoicePoint will also closely evaluate customer applications at a number of different stages before granting access to the information it maintains. These steps will help ensure that personal information does not fall into the wrong hands.
In 2006, ChoicePoint settled with the Federal Trade Commission and set aside $5 million to compensate consumers who suffered out-of-pocket expenses related to identity theft resulting from the company’s security breach. The deadline to submit a claim form to the FTC is June 22, 2007. If consumers meet the eligibility requirements for redress, they can complete the redress form and submit that for consideration. More information is available at ftc.gov/bcp/conline/cases/choicepoint/index.shtm.
Joining Arizona in today’s settlement are: Alabama, Alaska, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, West Virginia, Wisconsin and the District of Columbia.
The Assurance of Discontinuance requires court approval. Assistant Attorney General Dena Rosen Epstein handled this case.