Acxiom lets congress know opinion of privacy proposals.ACXIOM CORP.'S EFFORTS to lobby against proposed federal data-protection legislation that it considers overly restrictive are being undermined by a continuing string of high-profile security breaches that have made corporate information security look like a sieve. On April 12, the day before Acxiom's chief privacy officer, Jennifer Barrett, testified before a Senate Judiciary Committee The U.S. Senate established the Committee on the Judiciary on December 10, 1816, as one of the original 11 standing committees. It is also one of the most powerful committees in Congress; among its wide range of jurisdictions is investigation of federal judicial nominees and oversight of hearing about electronic data security, LexisNexis of New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of revealed that a breach in one of its databases may have compromised sensitive information on about 310,000 Americans, more than 10 times more than the company first estimated. The problem isn't limited to data brokers, and financial information is clearly vulnerable: On Tuesday, the DSW DSW - penis war Shoe Warehouse chain confirmed that a previously reported data breach threatened almost 1.4 million credit card and check-transaction customers. Later the same day, discount broker Ameritrade said a backup computer tape containing personal information on about 200,000 current and former customers had been lost. Congress is considering, a series of bills aimed at keeping consumers' most personal information from falling into the hands of potential identity thieves. Though some privacy advocates question why companies like Acxiom have such information in the first place, legislators seem most concerned with preventing identity theft. It is a crime that victimized nearly 10 million consumers and resulted in losses exceeding $50 billion in 2002, the time of the FBI's last survey, and its frequency is on the rise. Acxiom has sustained security breaches of its own, most recently in August 2003. But Barrett claims that none of Acxiom's breaches have ever resulted in an identity theft. Indeed, Acxiom boasts it is at the forefront of information security. The company spends "tens of millions of dollars" each year to secure its data, Barrett said. In 1991, Acxiom made Barrett one of the business world's first chief privacy officers. Over the years, the Years, The the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109] See : Time company has tried to stay ahead of the curve on securing its data, and the company says it already implements many of the security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security being proposed by Congress for legislation. What's more, the type of data under review represents but a fraction of Acxiom's business. But even though the company is downplaying the stakes of proposed legislation, its involvement is much closer than the sidelines. Whose Business Is It? In its 2004 fiscal year, Acxiom brought in more than $1 billion in revenue. Of that, $778 million came from its customized computer services Data processing (timesharing, batch processing), software development and consulting services. See service bureau, SaaS and ASP. and $233 million from its line of information products--data. The data portion of Acxiom's business is split into four categories: marketing products, directory products, management products and background screening products. Two of those, background screening products and fraud management products, use sensitive information such as Social Security numbers and drivers license numbers. It is here that Acxiom distinguishes itself from some other data brokers. In her testimony to the Senate Judiciary Committee, Barrett said, "Acxiom's fraud management products are sold exclusively to a handful of large companies and government agencies--they are not sold to individuals." In one high-profile case, ChoicePoint Inc. of Alpharetta, Ga., was duped by criminals posing as businesses, faxing phony business licenses and often never having face-to-face contact with the data provider. Acxiom's clients have legitimate addresses and face-to-face contact with the company, Barrett said. "We have a good understanding of who we do business with," she told Arkansas Business. Still, even legitimate customers can breach security and steal data. They did with LexisNexis. And they did with Acxiom. Last month, Daniel Baas of Milford, Ohio Milford is a city in Clermont and Hamilton counties of the U.S. state of Ohio, along the Little Miami River in the southwestern part of the state. Milford, an abbreviated form of mill ford, was so named because it was the first safe ford across the Little Miami north of the Ohio , was sentenced to 45 months in federal prison for stealing data from Acxiom between December 2002 and January 2003. At the time, Baas was working as a systems administrator for Market Intelligence Group, which was a legitimate Acxiom customer. Prosecutors did not believe Baas did anything with the information he accessed, but the breach cost Acxiom $5.8 million. During its investigation of Baas, the company discovered another breach that cost the company at least $7 million. Last July, federal prosecutors indicted INDICTED, practice. When a man is accused by a bill of indictment preferred by a grand jury, he is said to be indicted. online advertiser Scott Levine Scott Levine was a Boca Raton, Florida resident. On 22 July, 2004, Levine was charged with the largest computer crime indictment in United States history. Federal prosecutors alleged that Levine unlawfully accessed databases of consumer data aggregator Acxiom to steal detailed , who ran Snipermail.com out of Boca Raton Boca Raton (bō`kə rətōn`), city (1990 pop. 61,492), Palm Beach co., SE Fla., on the Atlantic; inc. 1925. Boca Raton is a popular resort and retirement community that experienced significant industrial development in the 1970s and 80s. , Fla., on 139 counts for accessing an Acxiom server used for file transfers; downloading an encrypted password file; and accessing 8.2 gigabytes of data that included customer names, addresses, email addresses See Internet address. and customer demographics. Prosecutors claim Levine then sold that information to be used for marketing; they do not believe it was used for identity theft. At the time, Assistant U.S. Attorney Sandra Cherry of Little Rock said, "It may be the biggest cybercrime cybercrime also known as computer crime Any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. ever prosecuted and investigated." Acxiom insists security weaknesses that made those two breaches possible have been corrected. ChoicePoint, LexisNexis and other companies whose breaches made headlines have made the same assurances. Legislators are beginning to insist that data brokers need more regulations to prevent breaches and to make sure affected consumers are informed when breaches do happen. Legislation At the forefront of proposed data legislation is U.S. Sen. Diane Feinstein, D-Calif. Feinstein has already proposed three bills aimed at thwarting identity theft that have been met with mixed reviews both from the Senate and from Acxiom. A bill proposed by Feinstein that would require businesses and government agencies to notify customers when it appears a hacker has accessed their personal information died in the last congressional session thanks to opposition from banks and financial institutions. Some form of a notification bill is expected to pass, but the details are still being debated. One of Acxiom's key objections with Feinstein's bill is that it would not preempt pre·empt or pre-empt v. pre·empt·ed, pre·empt·ing, pre·empts v.tr. 1. To appropriate, seize, or take for oneself before others. See Synonyms at appropriate. 2. a. other state legislation. Barrett describes the issue as a practical one. "I think a national standard is in the best interest for the business community, so if you have to give a notice then you have to give the same notice to everybody," she said. When it comes to technology legislation, Congress has historically enacted federal laws that prevent states from making stricter ones. But some argue that stricter state laws could prove more effective. Vermont Attorney General Vermont Attorney General is an elected office in Vermont, United States. It was created by an act of the legislature in 1790, repealed in 1797, and revived in 1904. List of Vermont Attorneys General
The Arkansas General Assembly The Arkansas General Assembly is the legislative branch of the Arkansas government. The General Assembly consists of an upper branch, the Arkansas State Senate, and a lower branch, the Arkansas House of Representatives. There are 100 representatives and 35 senators. just passed its own notification law, the "Personal Information Protection Act," which Gov. Mike Huckabee  This article or section contains information about one or more candidates in an upcoming or ongoing election.Content may change as the election approaches. signed into law. The law also requires businesses and state agencies to maintain reasonable security on sensitive personal information. Another provision in Feinstein's notification bill requires notification even if the breached information was encrypted or was not used. Barrett took issue with that, saying, "I don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. why she feels the need to report to the consumer gobbledygook gob·ble·dy·gook also gob·ble·de·gook n. Unclear, wordy jargon. [Imitative of the gobbling of a turkey.] Noun 1. ." Ultimately, Acxiom supports some form of notification bill, but Barrett said she would like to see a bill that only requires consumer notification if there's a risk of identity theft. "It's called a cry wolf syndrome," she said. "Cry wolf too many times and people won't listen." Barrett said Feinstein "comes really close" with her Social Security Number Misuse Prevention Act, which would prohibit the sale or display of Social Security numbers to the general public and require Social Security numbers to be taken off public records published on the Internet. But again, Barrett wants the law to preempt state laws, and she disagrees with some of the bill's penalty provisions. Privacy advocates have long railed against the widespread public use of Social Security numbers as identifiers. In 2003, for instance, the Arkansas Legislature halted the use of Social Security numbers as drivers license numbers. James Dempsey James Dempsey (February 1917 - 12 May 1982) was a Scottish Labour Party politician. Dempsey was educated at Holy Family School, Mossend, the Co-operative College in Loughborough, and at the National Council of Labour Colleges. , executive director of the Center for Democracy & Technology, told the Senate Judiciary Committee, "Given the ubiquity Ubiquity See also Omnipresence. Burma-Shave their signs seen as “verses of the wayside throughout America.” [Am. Commerce and Folklore: Misc. of Social Security numbers in the public domain, it might not be possible to prevent criminals from acquiring them, but that does not mean we should give up trying to curtail the SSN's overuse overuse Health care The common use of a particular intervention even when the benefits of the intervention don't justify the potential harm or cost–eg, prescribing antibiotics for a probable viral URI. Cf Misuse, Underuse. and misuse." Another piece of legislation proposed by Feinstein, The Privacy Act, requires companies to let consumers "opt in" before their sensitive information is shared and give them a choice to "opt out" when less sensitive information is shared. Barrett said she was not familiar with that bill but that Acxiom already lets consumers opt out of its marketing data and allows customers to look at reference products to make sure that data is accurate. Democratic U.S. Sens. Chuck Schumer Charles Ellis "Chuck" Schumer (born November 23, 1950) is the senior U.S. Senator from the state of New York, serving since 1999. A Democrat, in 2005, he became chairman of the Democratic Senatorial Campaign Committee. of New York and Bill Nelson of Florida have proposed another more comprehensive bill that would include notification and crack down on the sale of Social Security numbers and also would regulate data brokers like credit bureaus and create a new Federal Trade Commission office to help identity-theft victims restore their identifies. Barrett seemed at best lukewarm luke·warm adj. 1. Mildly warm; tepid. 2. Lacking conviction or enthusiasm; indifferent: gave only lukewarm support to the incumbent candidate. about the bill, saying "the concepts aren't particularly bad." But she also wondered "how much of those need to be written into law and how much need to be part of a [company's] code of conduct." Analysts have mixed opinions on what more regulation could do to Acxiom's stock, which has been on a steady decline since starting 2005 above $26. Late last week, the price was below $19. An analyst who asked to remain anonymous said he did not think the stock's drop was related to possible legislation. Last week, however, Motley Fool writer Rich Smith pointed out Acxiom and ChoicePoint as potential bargains. He wrote: "ChoicePoint and Acxiom ... both sport (enterprise value-to-free cash flows) considerably lower than their growth rates Growth Rates The compounded annualized rate of growth of a company's revenues, earnings, dividends, or other figures. Notes: Remember, historically high growth rates don't always mean a high rate of growth looking into the future. . And their earnings numbers mask their true cash profitability behind high (price-earnings) ratios. Thus, they both appear to present pretty decent values, if you can stomach their regulatory risks." |
|
||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion