After the Breach, ChoicePoint Works to Rebuild Its Image and Security

Data broker mitigates its risk with voluntary actions, preempting a legislative response

ATLANTA -- The media scrutiny that surrounded ChoicePoint Inc. after it disclosed in February that thieves had accessed its massive database of consumer information has waned as even larger breaches have been exposed at other companies.

The Alpharetta, Ga.-based data broker's profits also have continued to grow, and its major customers seem to be staying put. In fact, the Internal Revenue Service last month awarded ChoicePoint a new $20 million contract to help the agency locate assets owned by delinquent taxpayers.

The company, which reported an 11 percent increase in profits in the first quarter, is expected to report more gains when its second-quarter results are announced Wednesday.

Investors, however, don't seem to be running back in droves - the company's stock price is still down more than 10 percent since the breach was announced. They could be waiting to see what ongoing investigations by the Federal Trade Commission and Securities and Exchange Commission reveal.

"There's an expectation that people be held accountable if they break the law or their fiduciary responsibility," said Bruce Simpson, an analyst with William Blair & Company in Chicago.

He added, "I don't think there's any evidence ChoicePoint broke the law. They are the victims of a fraudulent act. If the SEC comes back and says there's a violation, that's a different story, but as much as we know now, there wasn't any kind of law breaking going on."

ChoicePoint has been trying to regain the public's trust since it announced that thieves posing as small business customers gained access to its database, possibly compromising the personal information of 145,000 Americans. The breach was found in late September, but not publicly disclosed until mid-February. Authorities say at least 750 people were defrauded in the scam.

ChoicePoint collects data on individuals, including Social Security numbers, real estate holdings and current and former addresses. It has about 19 billion records, and its customers include insurance companies, financial institutions and federal, state and local agencies.

The company says it has taken several steps to ensure another breach of its database does not occur.

It has strictly limited the sale of consumer information to small businesses and has started re-screening some customers to make sure they are who they say they are. Since it started that process, it has turned away more than 200 potential customers. The company also plans to improve its procedures for screening prospective employees and it's working on a new consumer notification policy that will apply not only to states that require notification when there is breach, but also to other states.

ChoicePoint also hired Carol A. DiBattiste, former deputy administrator of the Transportation Security Administration, to be its chief compliance and privacy officer.

DiBattiste, who started at ChoicePoint in May, said the company is reaching out to customers to show them ChoicePoint is working to protect its database of information from intrusion.

"I believe the things that ChoicePoint is doing is getting through," DiBattiste said. "Consumers are taking notice. The others in the industry are taking notice."

The former federal prosecutor and Air Force undersecretary said her independence from the company - she reports only to ChoicePoint's board of directors - is a key to regaining public trust.

"I came in from the outside," said DiBattiste, who works out of an office in McLean, Va. "I don't know any of the people here."

This content continues onto the next page...