Home » Data Protection » PCI and Compliance

The Never-Ending ChoicePoint Story

In the wake of the settlement the Federal Trade Commission announced last week with the data broker ChoicePoint, most of the attention has been on the biggest, baddest number of them all: $15 million. Six zeroes. Thats the total amount of money that ChoicePoint has to fork over to the feds within ten business days of reaching the settlement.

Yes, $15 million is a big number, even for a company like ChoicePoint, which celebrated a record revenue of $1.1 billion for 2005 only hours before the announcement of the settlement. ChoicePoints net income was $141 million, so a $15 million settlement for fraudulently disclosing personal information about 163,000 consumers (discussed here) is reason for more than a mere Gesundheit.

The $15 million comes on top of other millions, toolike the $19.3 million charge that the company took for specific legal expenses and other professional fees related to the fraud; the almost certainly millions in expenses for the third-party security audits ChoicePoint must go through for the next 20 years; and a loss of revenue stemming from ChoicePoint exiting some of its riskier lines of business, which the company warned shareholders last March would amount to a $15 million to $20 million loss of revenue.

(Given all this, its a wonder that ChoicePoints stock price opened today at 41.25, about 90 percent of its price of 46.01 on the day before the scandal broke last February. But I digress.)

No, the most important number of all may be the $5 million of the settlement that is intended for consumer redress.

In case you havent read the fine print, $10 million of the $15 million settlement is the civil penalty, the largest the FTC has ever levied. This is the part of the settlement that is supposed to say to ChoicePoint that when it was bad, it was horrid. Or, as FTC Chairman Deborah Platt Majoras put it in a statement, The message to ChoicePoint and others should be clear: Consumers private data must be protected from thieves.

But the other $5 million is another matter, and one that makes it clear that the ChoicePoint sagaalready legendary not just for its scope, but also for the extraordinary number of details that have been made public through SEC filings and other documentshas only begun to unfold. The $5 million will be used to create a fund for persons who become victims of fraud or identity theft due to the breach. This money may not be lost to ChoicePoint forever. In fact, the settlement states that any funds that remain after redress is completed may be used to address the practices, including information remedies, that the FTC laid out in its original complaint against ChoicePoint. [Correction: According to the FTC, leftover funds can be used not by ChoicePoint but by the FTC for related activities, such as consumer awareness about identity theft.]