For government security and intelligence agencies who are barred by the Privacy Act of from maintaining dossiers on individuals not suspected in wrongdoing, signing contracts with the data aggregators allows them to circumvent such laws by accessing the dossiers kept by the private sector.
ChoicePoint, for example, claims to have contracts with at least 35 government agencies. The growing surveillance nexus between the private sector and government is the subject of the ACLU report ""The Surveillance-Industrial Complex,"" online at www.
What do we need to do to fix this problem? ChoicePoint and its competitors have succeeded in laughing all the way to the bank as they collect information on consumers without their knowledge, sell it promiscuously, save money by shortchanging security and customer service, and then keep the resulting problems out of public view where these companies prefer to operate.
In the face of this situation, the government must step in to protect Americans privacy. The United States is the only major industrialized nation in the world that does not have a broad privacy law and a privacy minister to enforce it. Such a law must be enacted. The outlines of what such a law should contain are expressed in a broad set of privacy principles that have gained recognition around the world as the human rights standard for privacy.
Those principles include:. What should I do if I fall victim to identity theft? Consumers needing help and information about individual identity theft problems should contact the Privacy Rights Clearinghouse or the Identity Theft Resource Center. Thanks to Bruce Schneier for drawing attention to this statement. September 9, Statement of Robert J. General Accounting Office. FAQ on ChoicePoint. For example: Just days after the ChoicePoint debacle became public, Bank of America disclosed that it had lost computer tapes containing the social security numbers and account information of 1.
A few weeks later, another data company, Lexis-Nexis, revealed that 32, records on American citizens had been obtained by hackers. Those principles include: Notice. Individuals must be informed that information is being gathered about them, and what information that is.
The publicly traded billion-dollar company compiled and maintained credit information on more than million credit cardholders around the globe by the late s. Originally founded at the end of the 19th century by brothers Cator and Guy Woolford to gather information for their Merchants Guide, the firm officially became Equifax in Equifax, which stood for "equitability in the gathering and presentation of facts," grew exponentially in the remaining years of the s and into the s.
By the late s Equifax ruled the information-compilation industry, but was not without its detractors. While gathering information had always riled privacy rights proponents, Equifax did make some questionable moves in its stellar climb to the top of the information industry. Its Insurance Information Services group, which assisted health, life, property, and casualty insurers in the investigation of potential clients, was losing its way, and Derek V.
Smith, who had been with the company since , took over the ailing division in By this time in its corporate life, Equifax was no stranger to controversy and had decided to divest itself of any noncore or nonfinancial assets. It had already negotiated to sell its healthcare and direct marketing units, skirmished with California lottery officials, faced multiple lawsuits over privacy rights, and run into trouble with a new acquisition called CDB Infotek Inc.
Once the decision was made to spin off the insurance group, Equifax approached New York-based Kroll Associates in early to become part of the spinoff and merge into the new ChoicePoint. Unfortunately for both parties, executives could not agree on several salient points. CDB had been accused of violating privacy protection rights in early for allegedly selling voter registration lists to bill collectors it is illegal to sell voter registration information commercially.
The lawsuit was filed by Aristotle Publishing Inc. ChoicePoint continued its flurry of acquisitions in , buying six companies and landing several lucrative contracts as well. They also operate as an online retailer at target. Looking at the revenue and sales growth rate it is hard to fathom that more money could not be spent to ensure that consumer data is protected as much as….
It is said that the company had easily stolen credentials. If there was the necessary secure measures taken, this breach could have been stopped. Target did not have an adequate firewall which is why the hackers were able to corrupt the system and steal personal information and credit card information.
This whole…. Ashely Madison, a website that promotes extra-marital affairs was subject to a massive data breach earlier this year; personal details of some 37 million users, as well as the companies financial records, were threatened with release.
Subsequently, large caches of the data were posted online and a then-unknown hacking outfit named The Impact Team claimed responsibility. This breach not only compromised the data from the Ashley Madison database, but also Avid Life Media, who owns the Madison website…. The United States government…. The company said last week that it is discontinuing data sales to many of its customers, except when that data helps complete a consumer transaction or helps government or law enforcement.
Since disclosing the security breach, ChoicePoint has been the subject of a U. Federal Trade Commission inquiry into its compliance with federal information security laws, a U. Tighter federal controls on the use of consumer data are needed to prevent more grievous security lapses, like those at ChoicePoint and Reed Elsevier, as well as the lawsuits that follow, Rasch said.
Third-party purveyors of personal data, such as ChoicePoint and Seisint, should have to notify individuals when they sell their personal information. Currently, they do not have to notify those whose information they trade, he said.
FCRA should also be amended to cover data brokers, perhaps making them liable for selling inaccurate information and requiring them to pay to repair the credit rating of those harmed by identity theft after a breach of their systems, Rasch said.
Paul Roberts is an experienced technology reporter and editor who writes about hacking, cyber threats and information technology security.
Here are the latest Insider stories.
0コメント