Yet another negative side effect of a highly publicized data breach is that it significantly increases the size of the bull's-eye on LexisNexis. The media coverage has made more people aware of the company and the type of information it sells. "What keeps me up at night?" asks LexisNexis' Cronin. "This whole thing has raised the profile of the company, so we need to be even more vigilant now. People are trying to make us their little project."
The government has also taken notice. It's not every day that Kurt Sanford has the uncomfortable experience of testifying before Congress, defending an industry that has flown well beneath the radar and, thus far, been loosely regulated. But the heat is being turned up on ChoicePoint, LexisNexis and the data-aggregating industry in general. Privacy advocates are calling for wholesale changes to the personal information business. "I think, at the very least, their business model should require them to incorporate the risks as well as the benefits of collecting and selling personal data," says EPIC's Rotenberg, who believes that companies such as LexisNexis need to be legally and financially responsible for the loss of personal data. "It's like a car company saying they can sell automobiles and not worry about whether the brakes work."
The argument against tight regulation of data aggregators is less convincing. Critics of federal intervention believe that the flow of personal information is the lifeblood of the free-market economy, and that to restrict the flow could severely inhibit the ability to approve credit and market products effectively. "Regulation is always good at protecting people's privacy," says LexisNexis' Wright. "But individual consumer transactions fuel our economy." Yet as the public clamor over identity theft rises, it's becoming increasingly likely that heavier regulation is in LexisNexis' future.
On the positive side, it has been easier for CTO McLaughlin to get budget approval of new security spending. He won't say just how much the data theft has cost the company thus far, "but it's not cheap." In talking with him, you can't help but get the feeling that no matter how much he spends on security, it will never be enough. "You can't ever stop," he says. "Whether you like it or not, you have to spend more money to try to stay one step closer. Because it's impossible to stay one step ahead."
This article was originally published on 09-05-2005