Major Data Theft Leads to Major Legal Problems

Choicepoint, the Alpharetta, Ga.-based data broker, became a synonym this year for problems with keeping data secure and accurate.

In February, ChoicePoint admitted that it was fooled into selling personal information on 145,000 people to Nigerian identity thieves posing as small businesses.

In November, the company disclosed in a regulatory filing that the number of affected people had climbed to 162,000. ChoicePoint also uncovered other instances of fraud while investigating the identity thefts committed by the Nigerians, the company said in a statement published in September.

In that statement, ChoicePoint said it notified 5,054 people that it had lost control of IDs and passwords belonging to the Miami-Dade County Police Department, an accredited insurance company, and private investigation firm RPM & Associates—all legitimate ChoicePoint customers. As a result, according to ChoicePoint, personal information may have been exposed.

In addition, ChoicePoint said it notified 126 people that their personal information may have been exposed by two men, who were believed to have used their ChoicePoint IDs and passwords to access information on people whose names were similar to their own in order to commit identity crimes. They were arrested, ChoicePoint said in the statement, and three of their victims had been contacted by law enforcement.

Are you spreading bad data?

Data quality problems are not confined to ChoicePoint. Theyare part of the landscape in just about every corner of corporate America:

  • 80% of medical bills have multiple errors, ranging from spelling mistakes to erroneous charges, accordingto a study by the Medical Billing Advocates of America.460% of all retail invoices contain data errors, such as incorrect products, quantities and weights, according to management consultancy A.T. Kearney.
  • 20% of U.S. mail and commercial package deliveries were returned because of incorrect names or addresses, according to business and information-technology executives polled by Forrester Research in 2004.
  • 10% to 15% of all direct mail is undeliverable because the addresses are bad, according to the Direct Marketing Association.In fact, a Gartner report last year said that more than 25% of the critical data in Fortune 1,000 companies’ databases is inaccurate or incomplete.
  • Meanwhile, ChoicePoint is defending itself against lawsuits related to the thefts announced in February. Other government agencies, including the Federal Trade Commission, are conducting inquiries, and Congress is considering bills to regulate the privacy and security of data, although Democrats complain that the bills under consideration are not as tough as current state laws.

    Baseline also found that ChoicePoint had problems with data accuracy. The cover story in the June issue of Baseline (“Blur,” p. 36) highlighted a half-dozen lawsuits, some dating back to the 1990s, against ChoicePoint in which people claimed to have suffered because of bad data.

    For instance, in January 2002, Steven Calderon, a security guard for Fry’s Electronics, spent a week in a California jail. Why? A ChoicePoint subsidiary, The Screening Network, provided Fry’s with a background check erroneously identifying Calderon as a felon; Fry’s called the Anaheim police and had Calderon arrested. ChoicePoint was dismissed from the Calderon case in 2003, and Fry’s settled it.

    More recently, this September, ChoicePoint signed a confidential settlement agreement with Barbara and Robert Burkhead, and their case against the data broker was dismissed. Robert, a retired assembly line worker, had sued in 2004 claiming that ChoicePoint’s CLUE (Comprehensive Loss Underwriting Exchange) database had generated erroneous accident reports on him for six years, which made his car insurance premiums unaffordable.

    Next page: Expensive Errors.