Tech Law Journal Daily E-Mail Alert
January 27, 2006 Alert No. 1,298.
Home Page | Calendar | Subscribe | Back Issues | Reference
FTC Sues ChoicePoint for Sale of Consumer Data to Identity Thieves

1/26. The Federal Trade Commission (FTC) filed a four count civil complaint [14 pages in PDF] in U.S. District Court (NDGa) against ChoicePoint alleging violation of the Federal Trade Commission Act (FTCA) and the Fair Credit Reporting Act (FCRA) in connection with its sale of personal data to identity thieves.

The FTC and ChoicePoint simultaneously filed a joint proposed stipulated final judgment [29 pages in PDF]. It provides that "Defendant makes no admissions to, and denies, the allegations in the Complaint, other than the jurisdictional facts", but that it is enjoined from violating the FTCA and the FCRA, that it will pay a "civil penalty" of $10 Million, and pay $5 Million in consumer redress.

See also, FTC release. Deborah Majoras, the Chairman of the FTC, stated in this release that "The message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves ... Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America."

ChoicePoint is a data aggregator and broker. It sells consumers' personal information to government agencies, law enforcement entities, and private sector entities, for, among other purposes, identification, tenant screening, and credential verification. It also sold consumer data to identity thieves.

The FTC complaint states that "In February 2005, pursuant to a California state law requirement, ChoicePoint notified approximately 35,000 California consumers that it may have disclosed their personal information to persons who did not have a lawful purpose to obtain the information. Subsequently, ChoicePoint notified approximately 111,000 consumers outside of California that their information may have been compromised. More recently, it notified an additional 17,000 consumers, bringing the total to 163,000. In all cases, the information disclosed by ChoicePoint included unique identifying information that facilitates identity theft, such as dates of birth and Social Security numbers, as well as nearly 10,000 credit reports. At least 800 cases of identity theft arose out of these incidents."

The complaint further states that "The persons who obtained this consumer information submitted applications to ChoicePoint and were approved by the company to be subscribers authorized to purchase ChoicePoint products and services. The applications contained false credentials and other misrepresentations, which ChoicePoint failed to detect because it had not implemented reasonable procedures to verify or authenticate the identities and qualifications of prospective subscribers."

For example, ChoicePoint accepted "facially contradictory or illogical application information".

Count I of the complaint alleges violation of Section 604 of the FCRA, which is codified at 15 U.S.C. § 1681b. This section prohibits a consumer reporting agency (CRA) from furnishing a consumer report except for specified permissible purposes. The complaint alleges that ChoicePoint violated this section by selling consumer reports for non-permissible purposes.

Count II of the complaint alleges violation of Section 607(a) of the FCRA, which is codified at 15 U.S.C. § 1681e(a). This section requires CRAs to maintain reasonable procedures to limit the furnishing of consumer reports to the purposes listed under Section 604 of the FCRA, including making reasonable efforts to verify the identity of each new prospective user of consumer report information and the uses certified by each prospective user prior to furnishing such user a consumer report.

Count III of the complaint alleges violation of Section 5 of the FTCA, which is codified at 15 U.S.C. § 45(a). It provides, in part, that "Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful."

The complaint alleges that ChoicePoint's failure to "employ reasonable and appropriate security measures to protect consumers' personal information" is an unfair act or practice in violation of Section 5 of the FTCA.

Count IV of the complaint also alleges violation of Section 5 of the FTCA. This count alleges that ChoicePoint violated Section 5 by violating the privacy policy published in its web site, which asserts that it has implemented reasonable and appropriate measures under the circumstances to maintain and protect the confidentiality and security of consumers' personal information.

The complaint names only one defendant, ChoicePoint, Inc.

Also, the complaint does not allege that ChoicePoint has sold data products, without complying with the FCRA, as non-FCRA regulated products, that are in fact products that fall within the scope of the FCRA. Nor does the complaint allege any violation of the FTCA for sale of products that fall outside of the scope of the FCRA, but that nevertheless circumvent the policy that underlies the FCRA.

For example, on December 16, 2004, the Electronic Privacy Information Center (EPIC) wrote a letter to the FTC in which it urged the FTC to investigate this topic. The EPIC asserted that data aggregation companies are now structuring their electronic databases, and data products, to fall outside of the scope of the FCRA, thereby threatening individual privacy, and the policy goals underlying the FCRA.

The EPIC wrote that "Americans face a return to the pre-FCRA era if companies like ChoicePoint can amass dossiers on Americans without compliance with any regime of Fair Information Practices. That era was marked by unaccountable data companies that reported inaccurate, falsified, and irrelevant information on Americans, sometimes deliberately to drive up the prices of insurance or credit. To some extent, this pre-FCRA area has returned." (Footnote omitted.)

See, story titled "EPIC Urges FTC to Open Investigation on Data Products and FCRA" in TLJ Daily E-Mail Alert No. 1,042, December 22, 2004.

FTC action on this issue could impact sales of data to government and law enforcement agencies.

ChoicePoint is represented in this action by Robert Belair, Karla Letsche and Kevin Coy of the law firm of Oldaker Biden & Belair, and by Joel Jankowsky and Daniel McInnis of the law firm of Akin Gump Strauss Hauer & Feld.

ChoicePoint issued a release on January 26, 2006, regarding its revenues. It reported "record total revenue of $1.1 billion for 2005, a 15 percent increase over total revenue in 2004."

It continued that "Full year 2005 Earnings Per Share ("EPS") from continuing operations was $1.53, which included a $0.24 per share dilutive effect of specific expenses related to the previously disclosed fraudulent data access, a probable settlement with the Federal Trade Commission ("FTC"), and the abandonment of certain leases."

It also stated that it "expects to finalize a settlement with the FTC regarding its investigation into the Company's compliance with federal laws governing consumer information security and related issues, including the fraudulent data access which occurred last year. The Company expects the terms of the settlement to call for a civil penalty, establishment of a fund to be administered by the FTC for consumer redress initiatives, completion of certain one-time and on-going customer credentialing activities such as additional site visits, and undertaking additional obligations relating to information security. As part of this settlement, the Company does not admit to the truth of, or liability for, any of the matters alleged by the FTC."

And, it stated that "On-going legal expenses related to the fraudulent data access are currently estimated at $4 to $6 million for 2006, exclusive of any potential settlements, with the majority of these expenses incurred during the first two quarters."

See also, stories titled "EPIC Seeks Congressional Hearing and FTC Workshop on Data Products and FCRA" in TLJ Daily E-Mail Alert No. 1,052, January 10, 2005; "ChoicePoint Describes Its Sale of Data to Identity Thieves" in TLJ Daily E-Mail Alert No. 1,081, February 23, 2005; "Senate Banking Committee Holds Hearing on Data Security" in TLJ Daily E-Mail Alert No. 1,093, March 11, 2005; "House Subcommittee Holds Hearing on Data Aggregators" in TLJ Daily E-Mail Alert No. 1,096, March 16, 2005; and "Senate Judiciary Committee Holds Hearing on Data Security" in TLJ Daily E-Mail Alert No. 1,115, April 14, 2005.

Also, on January 26, 2006, the Department of the Treasury (DOT) began sale of a DVD, for $2, titled "Identity Theft: Outsmarting the Crooks". See, DOT release.

Korea Relaxes Trade Barriers to Foreign Movies

1/26. The government of South Korea announced in a release that it has "decided to halve its 40-year-old ``screen quota,´´ the mandatory period for theaters to show domestic films every year, to 73 days, to clear the way for its free trade agreement (FTA) with the United States." Korea also stated that this rules out the possibility of a complete abolition.

Bob Portman, the U.S. Trade Representative (USTR), stated in a release that "The decision by Korea to liberalize its restrictions on foreign films is good news for Korean movie-goers and the US film industry. The long-standing Korean requirement that domestic films be shown on local theater screens 146 days out of the year placed US movies at a significant disadvantage. Today’s move to reduce the requirement by half to 73 days will help level the playing field and increase movie choices for Koreans."

He added that "Over the years, the South Korean movie industry has become increasingly competitive and it has recently gained an international reputation for producing high quality material. Now is the right time to give Korean cinemas more flexibility regarding what they can and cannot show."

Bush Asserts Power to Use Technology to Protect the American People

1/26. President Bush held a news conference at the White House. He was asked about the National Security Agency's (NSA) extrajudicial surveillance of communications where one party is in the U.S. and one party is outside. Bush asserted that he has authority "to use technology to protect the American people".

He said also that "I'm going to continue using my authority. That's what the American people expect." See, transcript.

Bush added that "the FISA law was written in 1978. We're having this discussion in 2006. It's a different world."

Washington Tech Calendar
New items are highlighted in red.
Friday, January 27

The House will not meet. It will convene for the 2nd Session of the 109th Congress on Tuesday, January 31, 2006. See, Majority Whip's calendar.

The Senate will meet at 12:00 NOON. It will resume consideration of Sam Alito to be a Justice of the Supreme Court.

9:30 AM - 1:00 PM The DC Bar Association will host a continuing legal education (CLE) seminar titled "Essential Checklist for Electronic Discovery". The speakers will include Kenneth Withers (The Sedona Conference), Judith Kinney (Legal Technologies Consulting, Kroll Ontrack), Robert Eisenberg (DOAR Litigation Consulting), Magistrate Judge John Facciola (U.S. District Court, DC), and Jonathan Redgrave (Redgrave Daley Ragan & Wagner). The price to attend ranges from $70-$125. For more information, call 202 626-3488. See, notice. Location: D.C. Bar Conference Center, 1250 H Street NW, B-1 Level.

12:00 NOON - 1:30 PM. The Progress and Freedom Foundation (PFF) will host its "Second Annual Media Luncheon". RSVP to Amy Smorodin at 202-969-2957 or asmorodin at pff dot org. Location: The City Club of Washington at Franklin Square, 1300 I Street, NW.

Sunday, January 29

Deadline to submit replies to oppositions to the U.S. Telecom Association's petition [PDF] seeking reconsideration and clarification of the Federal Communications Commission's (FCC) CALEA order. This is the FCC's order that provides that facilities based broadband service providers and interconnected VOIP providers are subject to requirements under the 1994 Communications Assistance for Law Enforcement Act (CALEA). See, notice in the Federal Register, January 4, 2006, Vol. 71, No. 2, at Pages 345 - 346.

Monday, January 30

10:00 AM - 5:00 PM. The Federal Communications Commission's (FCC) advisory committee named "Independent Panel Reviewing the Impact of Hurricane Katrina on Communications Networks" will meet. See, FCC release [PDF]. Location: FCC, Commission Meeting Room, 445 12th Street, SW.

4:00 - 5:30 PM. The American Enterprise Institute (AEI) will host a panel discussion titled "The WTO Dispute Settlement System and Developing Countries". Marc Busch (Georgetown University) and Eric Reinhardt (Emory University) will present a paper. The other speakers will be Timothy Reif (House Ways and Means Committee staff), Jay Smith (Georgetown University law school), and Claude Barfield (AEI). See, notice. Location: AEI, 12th floor, 1150 17th St., NW.

Tuesday, January 31

Alan Greenspan's last day as Chairman of the Federal Reserve Board (FRB).

The House will convene for the 2nd Session of the 109th Congress. See, Majority Whip's calendar. Votes will begin at about 3:30 PM.

RESCHEDULED FOR JANUARY 24. 10:00 AM. The Senate Commerce Committee (SCC) will hold a hearing titled "Broadcast and Audio Flag". Press contact: Melanie Alvord (Stevens) at 202 224-8456, Aaron Saunders (Stevens) at 202 224-3991, or Andy Davis (Inouye) at 202 224-4546. The hearing will be webcast by the SCC. Location: __.

RESCHEDULED FROM JANUARY 24. 10:00 AM. The Senate Commerce Committee (SCC) will hold a hearing titled "Video Franchising". The witnesses will be Ivan Seidenberg (Verizon), James Ellis (AT&T), Thomas Rutledge (Cablevision Systems Corporation), Brad Evans (Cavalier Telephone), Lori Tillery (National Association of Telecommunications Officers and Advisors), Anthony Riddle (Alliance for Community Media), Gene Kimmelman (Consumers Union), and Gigi Sohn (Public Knowledge). See, notice. Press contact: Melanie Alvord (Stevens) at 202 224-8456, Aaron Saunders (Stevens) at 202 224-3991, or Andy Davis (Inouye) at 202 224-4546. The hearing will be webcast by the SCC. Location: Room 562, Dirksen Building.

RESCHEDULED FROM JANUARY 24. 2:30 PM. The Senate Commerce Committee (SCC) will hold a hearing titled "Video Content". See, notice. Press contact: Melanie Alvord (Stevens) at 202 224-8456, Aaron Saunders (Stevens) at 202 224-3991, or Andy Davis (Inouye) at 202 224-4546. The hearing will be webcast by the SCC. Location: Room 562, Dirksen Building.

9:00 PM. President Bush will give a speech titled "State of the Union Address" to a joint session of the House and Senate. Location: U.S. House of Representatives.

Extended deadline to submit comments to the Internet Corporation for Assigned Names and Numbers (ICANN) regarding its Policy Development Process on new gTLDs. See, ICANN notice.

Extended deadline to submit nominations for members of the Spectrum Management Advisory Committee to the Department of Commerce's National Telecommunications and Information Administration (NTIA). See, original NTIA release and notice of extension.

Wednesday, February 1

2:00 - 4:00 PM. The Department of State's International Telecommunication Advisory Committee (ITAC) will hold the fourth in a series of weekly meetings to prepare for the International Telecommunications Union's (ITU) 2006 ITU Plenipotentiary Conference, to be held November 6-24, 2006, in Antalya, Turkey. See, notice in the Federal Register, December 21, 2005, Vol. 70, No. 244, at Page 75854. This notice incorrectly states that these meetings will be held on Tuesdays; they are on Wednesdays. For more information, contact Julian Minard at 202 647-2593 or minardje at state dot gov. Location: AT&T, 1120 20th St., NW.

Ben Bernanke begins his term as Chairman of the Federal Reserve Board (FRB).

Deadline for the National Cable & Telecommunications Association's (NCTA) and Consumer Electronics Association (CEA) to file their third round of status reports with the Federal Communications Commission (FCC) regarding progress in talks regarding the feasibility of a downloadable security solution for integrating navigation and security functionalities in cable set top boxes. See, FCC's Second Report and Order [37 pages in PDF] adopted and released on March 18, 2005. This order is FCC 05-76 in CS Docket No. 97-80. See also, FCC release [PDF] summarizing this order, and story titled "FCC Again Delays Deadline for Integrating Navigation and Security Functionalities in Cable Set Top Boxes" in TLJ Daily E-Mail Alert No. 1,099, March 21, 2005. See also, notice of extensions (DA 05-1930) [2 pages in PDF].

Thursday, February 2

9:30 AM. The Senate Judiciary Committee may hold an executive business meeting. Location: Room 226, Dirksen Building.

Deadline to submit reply comments to the Copyright Office in response to its notice of inquiry (NOI) regarding exempting certain classes of works from the prohibition against circumvention of technological measures that control access to copyrighted works. See, 17 U.S.C. § 1201(a), and notice in the Federal Register, October 3, 2005, Vol. 70, No. 190, at Pages 57526 - 57531.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its Notice of Proposed Rulemaking (NPRM) [24 pages in PDF] regarding amendments to its unsolicited facsimile advertising rules and the established business relationship (EBR) exception to the rules. This NPRM was adopted by the FCC on December 9, 2005, and released on December 9, 2005. It is FCC 05-206 in CG Docket No. 02-278. See, notice in the Federal Register, December 19, 2005, Vol. 70, No. 242, at Pages 75102 - 75110.

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to a petition for declaratory ruling [34 pages in PDF] filed by the Fax Ban Coalition that asks the FCC to find that the FCC has exclusive authority to regulate interstate commercial fax messages, and that § 17538.43 of the California Business and Professions Code, and all other State laws that purport to regulate interstate facsimile transmissions, are preempted by the TCPA, which is codified at 47 U.S.C. § 541.

Friday, February 3

9:30 AM. The U.S. Court of Appeals (DCCir) will hear oral argument in Mobile Relay Association v. FCC, No. 04-1413. Judges Sentelle, Henderson and Tatel will preside. This is a case regarding the FCC reorganization of the 800 MHz band. See, FCC brief [PDF]. Location: Prettyman Courthouse, 333 Constitution Ave., NW.

About Tech Law Journal

Tech Law Journal publishes a free access web site and subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year. However, there are discounts for subscribers with multiple recipients. Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until one month after writing. See, subscription information page.

Contact: 202-364-8882.
P.O. Box 4851, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998 - 2005 David Carney, dba Tech Law Journal. All rights reserved.