"Records "Full of Inccuracies"By John McCormick | Posted 2005-06-14 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Steven Calderon was into his second week working as a security guard for Fry's Electronics when Anaheim, Calif., police walked in and arrested him. Fry's had requested a background check on Calderon, which was done by The Screening Network, a service of C
"Records "Full of Inccuracies"
"We know that the public record is full of inaccuracies," says Marty Abrams, a former vice president of information policy and privacy at Experian who now heads the information policy group at Hunton & Williams, a business law firm that represent companies such as Bank of America and GE.
Many errors happen for the simplest of reasons. Say, for example, a government worker transposed two digits of Sam Smith's Social Security number. Four digits written as 1, 2, 3 and 4 on a property deed may get entered on an electronic form as 1, 2, 4, 3. From that moment on, whenever the data broker collected information on Sam Smith, it could pull data using both Social Security numbers. And if there were a person with the 1243 number who had declared bankruptcy, that information could be pulled into a report the data broker compiled on Sam Smith.
Inaccurate data is, if nothing else, persistent. Abel Obabueki found this out the hard way.
In 1999, IBM offered Obabueki an $85,000 marketing job, contingent on a pre-employment screening. Obabueki had pled no contest to a misdemeanor a few years earlier. After a successful probation period, the charges were dismissed and his record cleared.
IBM had Obabueki fill out a pre-screening questionnaire, with the instructions to reveal criminal convictions but omit arrests without convictions, and convictions or incarcerations "for which a record has been sealed or expunged." Obabueki correctly answered that he had no convictions.
IBM hired ChoicePoint to do the background check on Obabueki and instructed ChoicePoint to report only current and pending criminal charges. ChoicePoint, however, told IBM Obabueki had a conviction.
IBM rescinded its offer to Obabueki.
Obabueki explained what happened to IBM and sent the computer company a copy of the court order dismissing the charges against him. ChoicePoint later acknowledged its error, according to Obabueki's lawyers, and issued a revised report that listed Obabueki's criminal record as "clear."
IBM, however, did not re-offer the job to Obabueki, who sued ChoicePoint and IBM for Fair Credit Reporting Act violations. A U.S. federal court in New York heard the case.
IBM was eventually dismissed from the suit, but Obabueki won a jury verdict against ChoicePoint; the verdict found that the data merchant had not maintained strict procedures to ensure the information it reported was complete, up to date and accurate. ChoicePoint was told to pay Obabueki $450,000 for lost wages and mental distress.
The court, however, took it upon itself to dismiss the case, saying, among other things, that Obabueki had "cured" the data problem by sending IBM the court order that had dismissed the charges. His $450,000 award was erased.
Obabueki and his lawyers appealed the judge's decision and, when the appeal was denied, petitioned the U.S. Supreme Court. The high court, however, refused to hear the case.
"There is no dispute in this case that ChoicePoint failed to follow adequate procedures to verify the information it obtained and reported, that it failed to determine that the conviction had been vacated, and that, had it followed its legal obligations and its agreement with IBM, it would have accurately reported that petitioner had no convictions," stated the petition filed to the Supreme Court by Obabueki's lawyers, Gregory Antollino and Erik Jaffe.
Antollino says he thinks ChoicePoint hired a third party to gather data, and that the firm had an old file on Obabueki that it never updated before sending the file to ChoicePoint.
ChoicePoint's only comment on the case came in an e-mail from the company's chief marketing officer, James Lee: "ChoicePoint won this case at the Appellate Court, which overturned a trial verdict against ChoicePoint."
In addition to human error, the way ChoicePoint's computer systems handle data may cause inaccuracies.
ChoicePoint has hundreds of databases—many are Oracle systems running on Hewlett-Packard Unix servers. This includes two databases—one for property insurance and the other for auto—that make up its Comprehensive Loss Underwriting Exchange (CLUE), which stores 200 million insurance records.
If there is an error in a file, ChoicePoint—if it is aware of the mistake—can work to fix it. However, in many cases, data suppliers often send in new tapes and CDs with updates. The data is loaded when it comes in and the old data is purged. If an error in a file isn't corrected at the source, the erroneous data will be reloaded into ChoicePoint's systems. "They just simply replace data each month," says the 20-year data expert. "The data loading techniques are not sophisticated."
Data experts are aware of how these systems work. "It's a weird cycle," says Bruce Schneier, the founder of Counterpane Internet Security, a security software and consulting firm.
That cycling seems to be the culprit in the case of Mary Boris, a Kentucky woman who discovered in February 2000 that she had lost her homeowner's insurance. Boris had filed four insurance claims for water damage, but ChoicePoint's CLUE database was reporting them to her insurer as four claims for fire damage plus an "extended loss" claim.
Boris called the insurance company, ChoicePoint and the Kentucky Department of Insurance and got her report corrected. Months later, however, the bad data reappeared. ChoicePoint now reported she had made nine claims—four for water damage, four for fire and one for extended loss.
Boris filed suit, and ChoicePoint disclaimed all responsibility, saying it was the insurer's job to ensure that the coding on the claim reports was accurate. For 11 months after the suit was filed, the bad data remained on Boris' claims report, according to court records, until it was kicked out of ChoicePoint's computer because it had expired.
U.S. District Court Judge John G. Heyburn II, in awarding $350,000 damages to Boris, noted that ChoicePoint showed "a complete lack of sympathy" for her problems. The judge also said the company never explained the "computer glitches" that apparently caused her problem. "To this day, the Court is still unclear what procedures, if any, ChoicePoint uses to ensure the accuracy of its mass circulated reports," he wrote. The case was later settled out of court.
ChoicePoint's only comment on the case came in the e-mail from chief marketing officer Lee: "The parties to this case entered [in]to a confidential settlement agreement."
California Insurance Commissioner John Garamendi has been trying to regulate the quality of data used by insurers since 2003, when his office saw consumer complaints against insurers rise to more 100 a month. His latest effort is a bill that would force insurers to rely on "complete information"—not just historical databases like CLUE—when making underwriting decisions that go against consumers.
The insurance industry opposes Garamendi. "Only three changes are made per 10,000 files," says Dan Dunmoyer, president of the Personal Insurance Federation in Sacramento, Calif. "We get six complaints and three are justified. To us, three out of 10,000 is not a big number."
Not Just Security — Accuracy. "Serious" Errors are Common Data Customers Pay the Costs Collecting Data Without Garbage Filters Records "Full of Inccuracies" Crap In, Crap Out Fix It Yourself No Way To Check ChoicePoint Data at a Glance