ChoicePoint Update: Record-Breaking Fine Imposed

ChoicePoint has been fined $10M for violating the Fair Credit Reporting Act (FCRA). Check out our previous post on disclosing identity theft for a refresher on ChoicePoint’s reluctance to disclose their data breaches.

According to the FTC, ChoicePoint committed a laundry list of errors centering on their subscriber screening process. Apparently, data thieves were able to subscribe by using false credentials, listing mail drops as their business address and faxing applications for a variety of companies all from the same public fax machine. The FTC also charged ChoicePoint with failing to improve their subscriber screening process after receiving notices of fraudulent activity. Further, ChoicePoint was accused of making misleading and false statements about its privacy policies. For more information about the FTC’s charges, read FTC imposes $10M fine against ChoicePoint for data breach on Computerworld’s website.

While an E&O policy with third party security protection, can respond to claims for failure to prevent identity theft, penalties are normally not covered. Best plan for insureds is to set quality data protection procedures as well as disclosure policies. And of course, know what your privacy policy says so you won’t make false statements about it.