« Microsoft Antitrust Problems In The News | Main | Maryland Anti-Spam Law Snares New York Marketer »

January 27, 2006

FTC Levies Largest Fine Against Consumer Data Provider

ChoicePoint, Inc. has settled charges by the Federal Trade Commission over the compromise of 163,000 consumer financial records in its database.  According to the FTC, at least 800 hundred cases of identity theft resulted from the breach.  ChoicePoint is to pay $10 million in civil penalties and an additional $5 million for consumer redress.

From the FTC press release:

The FTC charged that ChoicePoint violated the Fair Credit Reporting Act (FCRA) by furnishing consumer reports – credit histories – to subscribers who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to verify both their identities and how they intended to use the information.

The FTC charged that ChoicePoint violated the Fair Credit Reporting Act (FCRA) by furnishing consumer reports – credit histories – to subscribers who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to verify both their identities and how they intended to use the information.

The agency also charged that ChoicePoint violated the FTC Act by making false and misleading statements about its privacy policies. ChoicePoint had publicized privacy principles that address the confidentiality and security of personal information it collects and maintains with statements such as, “ChoicePoint allows access to your consumer reports only by those authorized under the FCRA . . . ” and “Every ChoicePoint customer must successfully complete a rigorous credentialing process. ChoicePoint does not distribute information to the general public and monitors the use of its public record information to ensure appropriate use.”

The stipulated final judgment and order requires ChoicePoint to pay $10 million in civil penalties – the largest civil penalty in FTC history – and to provide $5 million for consumer redress. It bars the company from furnishing consumer reports to people who do not have a permissible purpose to receive them and requires the company to establish and maintain reasonable procedures to ensure that consumer reports are provided only to those with a permissible purpose. ChoicePoint is required to verify the identity of businesses that apply to receive consumer reports, including making site visits to certain business premises and auditing subscribers’ use of consumer reports

The full text of the release is here.  The same page contains links to the District Court complaint and other legal documents in the case.

January 27, 2006 | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341bfae553ef00d83526c83a53ef

Listed below are links to weblogs that reference FTC Levies Largest Fine Against Consumer Data Provider:

Comments

Post a comment