Computer Security: ChoicePoint's Lessons Learned

By CIOinsight  |  Posted 06-26-2006

A rash of security breaches has hit the headlines recently, chief among them the theft of a Department of Veterans Affairs' laptop with data on 26.5 million vets. Perhaps the best advice on how to respond if your company is caught in the line of fire comes from one that has been there itself: consumer data broker ChoicePoint.

In February 2005, ChoicePoint acknowledged that it had mistakenly sold personal information on thousands of individuals—as it turned out, more than 163,000 people—to bogus companies set up by Nigerian criminals (see ChoicePoint: Blur, from Baseline's June 2005 issue). The Federal Trade Commission this January fined the Alpharetta, Ga.-based company $15 million for the disclosures.

Carol DiBattiste, ChoicePoint's chief credentialing, compliance and privacy officer, says the company has taken numerous steps in the past year to make sure such a breach never happens again.

"There's not a company around today that takes security more seriously than we do," claims DiBattiste, who joined ChoicePoint in March 2005 after serving as deputy administrator of the U.S. Transportation Security Administration. She says ChoicePoint has passed 43 security and privacy audits in the past year.

Gartner analyst Avivah Litan says ChoicePoint's security practices are now extremely strict—and appear to be among the best in any industry. "When you're fined and caught after a data breach," she says, "you really shape up."

Read the full story on Baselinemag.com: Computer Security: ChoicePoint's Lessons Learned