State Lawmakers Grill ChoicePoint Over Privacy Concerns, Potential for ID Theft

Data broker ChoicePoint Inc., the focus of a national furor over privacy, said Wednesday that it supported legislation that would allow people to see -- and correct, if necessary -- records the company kept on them.

Don McGuffey, the company’s vice president for data acquisition, told the state Senate’s Banking, Finance and Insurance Committee that ChoicePoint was developing a system to give individuals “a single point of access” to review a variety of reports generated from databases that are sold to law enforcement and government agencies, employers, landlords and insurers.

“You will receive the reports that we have on you,” McGuffey said at a hearing.

ChoicePoint, based in Alpharetta, Ga., revealed last month that identity thieves had tapped confidential data in its files on as many as 145,000 people. As part of an effort to prevent a recurrence, the company is altering millions of records to keep clients from seeing full Social Security or driver’s license numbers, McGuffey said.

ChoicePoint’s offer to give people access to their own data appears to be at least conceptually in line with the wishes of the committee chairwoman, Sen. Jackie Speier (D-Hillsborough). Speier recently introduced a bill aimed at regulating the burgeoning data sales industry.

Although the proposal -- which so far contains few specifics -- would not directly address the problem of identity theft, it would bring accountability to a business “that has grown up overnight with no regulations whatsoever,” Speier said.

It’s unclear whether lawmakers will seek to require companies to provide people with access to their own records for free; another data broker represented at Wednesday’s hearing, the LexisNexis unit of Reed Elsevier, said it provided consumers with access only to data compiled from public records -- and charged them $22.

Privacy advocates supported Speier’s efforts. “Consumers have to jump over many hurdles to find out what information is out there,” said Richard Holober, executive director of the Consumer Federation of California.

Government must help people get information from their own files, said Elizabeth Rosen, a Los Angeles registered nurse who testified at Wednesday’s hearing. Rosen and about 35,000 other Californians got letters last month from ChoicePoint warning them that their records had been seen by criminals posing as merchants. The personal and financial information could be used to open phony credit card accounts or to buy goods under an assumed name.

Rosen said ChoicePoint’s letter to her also indicated that she had been involved in a crime and that law enforcement officers were investigating the matter -- without explaining the crime or indicating whether it resulted from the theft of her records. Rosen said she was afraid “that a terrorist was using my identity” and she wanted to review her complete record with ChoicePoint.

ChoicePoint, she said, refused to make all the information available, and the six pages of data drawn from public records it sent her were full of mistakes, listing erroneous addresses, business ownerships and employment.

ChoicePoint’s McGuffey said he was unfamiliar with Rosen’s case.

ChoicePoint wrote to Rosen only because of a 2003 California law, the first in the nation, that forced the company to contact all potential identity theft victims in the state. Later, the company voluntarily informed 110,000 people in other states after the incident drew widespread attention, provoking expressions of outrage from lawmakers.

The Los Angeles County Sheriff’s Department said it had found 750 people allegedly defrauded by the identity theft gang. The group operated for more than a year before the arrest in October of a man living in North Hollywood, the Sheriff’s Department said.