ChoicePoint lessons learned.After its involvement in a headline-grabbing 2005 data breach that compromised the records of 163,000 people, ChoicePoint has since turned itself into a role model for how to do data security and privacy right. So much so that the company, which provides data used in background checks, now is sharing its experience and advice on securing consumers' personal information. It's a remarkable turnaround. After ChoicePoint handed over sensitive data about individuals in its database to criminals pretending to be clients, the company paid $10 million in civil penalties and $5 million to consumer victims. The company, which settled separately with 43 states over the breach, also decided to limit the sale of information products containing sensitive consumer data, such as Social Security and driver's license Noun 1. driver's license - a license authorizing the bearer to drive a motor vehicle driver's licence, driving licence, driving license license, permit, licence - a legal document giving official permission to do something numbers, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a NetworkWorld report. As a result, ChoicePoint left what was a more than $15 million business serving small and medium accounts because it could not adequately confirm the credentials CREDENTIALS, international law. The instruments which authorize and establish a public minister in his character with the state or prince to whom they are addressed. If the state or prince receive the minister, he can be received only in the quality attributed to him in his credentials. of those customers in a cost-efficient manner, Daniel Lemecha, ChoicePoint's chief information officer and senior vice president said, speaking at the 2007 IDC IT Forum & Expo in Boston. Over the past 24 months, he said, ChoicePoint has gone through more than 80 external audits. In April, a Gartner analyst told USA Today USA Today National U.S. daily general-interest newspaper, the first of its kind. Launched in 1982 by Allen Neuharth, head of the Gannett newspaper chain, it reached a circulation of one million within a year and surpassed two million in the 1990s. that ChoicePoint has "transformed itself from a poster child of data breaches to a role model for data security and privacy practices." At the IDC IT Forum, according to Network World, Lemecha offered a five-step plan based on ChoicePoint's actions for securing data and privacy systems: 1. Governance: ChoicePoint's chief privacy officer reports directly to a board that governs privacy and public responsibility, bypassing the rest of the corporate structure, according to Lemecha. The board is briefed quarterly on progress improving privacy and security, and several other committees are responsible for more specific oversight roles. The company also has several divisions that handle privacy and security from different angles, such as a corporate credentialing Credentialing is the administrative process for validating the qualifications of licensed professionals, organizational members or organizations, and assessing their background and legitimacy. center, a compliance and privacy division, and internal auditing. One group or department cannot do it all, Lemecha said. [ILLUSTRATION OMITTED] 2. Clearly define expected behavior and provide tools to simplify compliance for employees: ChoicePoint implemented new practices for monitoring potentially fraudulent The description of a willful act commenced with the Specific Intent to deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain. customer behavior, such as investigating companies that suddenly increase the number of background checks they run by a large amount. 3. Create data breach response policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental : Who should be contacted in the event of a breach, and what should the company do for affected customers? After its breach, ChoicePoint offered victims free credit monitoring, credit reports, and identity theft insurance. 4. Determine the credentials of those you work with and those who work for you: Lemecha advised background checks for employees on a regular, ongoing basis, rather than just at the point of hire. 5. Embrace openness: ChoicePoint's website now lists the steps it takes to protect privacy. The company developed another site that lets consumers see what information ChoicePoint maintains about them in its files. Lastly, Lemecha advised companies to beware be·ware v. be·wared, be·war·ing, be·wares v.tr. To be on guard against; be cautious of: "Beware the ides of March" Shakespeare. v. of simple security mistakes. For example, listing a person's Social Security number on a mailing address label and not securing data on a laptop Same as laptop computer. laptop - portable computer that is later stolen or lost are common and costly mistakes. Lemecha recommended encrypting all laptops and ensuring all portable devices are password-protected. No matter the device, a firm should have the ability to remotely delete To remove an item of data from a file or to remove a file from the disk. See file wipe, trash and undelete. 1. (operating system) delete - (Or "erase") To make a file inaccessible. any sensitive data that it may hold. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion