logo
Issues News Reports How You Can Help Results About U.S. PIRG U.S. PIRG Education Fund Jobs

U.S. PIRG Consumer Blog

« Stove tip-over settlement reached with Sears | Main | CPSC: magnet toys #1 on the "List of Deadly Dangers" »

February 22, 2008

Data broker Lexis-Nexis parent to buy data broker ChoicePoint

Two data broker firms that have designed their business models to operate largely outside the strict data security and consumer protection rules of the Fair Credit Reporting Act will be under the same corporate umbrella, as Reed Elsevier, the international data and publishing conglomerate that owns Lexis-Nexis, has announced plans to buy the data broker ChoicePoint. As Ellen Nakashima and Robert O'Harrow report in the Washington Post story LexisNexis Parent Set to Buy ChoicePoint:

With customers including government agencies, insurance companies, banks, rental apartments, corporate personnel offices and private investigators, the combined company's reach would extend from national security offices to the living rooms of ordinary Americans. Both companies have played key roles in law enforcement, homeland security and intelligence. Both have also had identity-theft and security problems.

ChoicePoint has been credited by some with improving its business and data protection practices following the February 2005 debacle where it sold some 163,000 consumer dossiers to fly-by-night identity thieves. That event resulted in at least 3,200 known cases of identity theft, a $10 million FTC fine and accompanying $5 million consumer dollar restitution order and also triggered "the year of the breach," which precedes the "year of the recall" on the consumer calendar. While the FTC did impose its largest ever privacy fine in this case, it has never responded to allegations in a petition filed in 2004 by the Electronic Privacy Information Center and George Washington University Law Professor Daniel Solove that ChoicePoint sells products that appear to be credit reports but are sold outside of Fair Credit Reporting Act rules. ChoicePoint is a spinoff of the credit bureau Equifax.

Here is EPIC's detailed ChoicePoint page, which includes updated information about the original complaint. Lexis-Nexis has also been involved in a security breach, but of the more garden variety-- it didn't go out and sell the information, its safeguards were weak and it was hacked through a compromised subscriber account.

In a book, No Place To Hide, the Post's O'Harrow coined the term "security-industrial complex" to describe the threats to privacy posed by the new relationships between private data vendors collecting commercial data and selling it to government agencies. Unless subject to rigorous privacy scrutiny, this union will exacerbate that threat.

Posted by Ed Mierzwinski at February 22, 2008 08:57 AM

Comments

Post a comment




Remember Me?



218 D. Street, SE Washington, DC 20003
Phone (202) 546-9707
E-mail: