Let's start with ChoicePoint. Its privacy statement says it's "dedicated to protecting the privacy of individuals," which includes "strict standards regarding the use and dissemination of personal information." That sounds good. But somehow, identity thieves were able to set up 50 fake businesses and gain access to 145,000 customer data profiles. California law required the company to alert consumers about a potential breach, which is exactly the right thing to do. But it has opened up debate over whether laws in other states need to be more stringent. Regardless of what you think about that, here's what irks me: A company spokesman said, "We're being much more stringent in our requirements about who customers are and making them prove they're a legitimate business." Now, if you're dishing out personal information about consumers, wouldn't you think that providing it only to legitimate businesses would be top of mind? Wouldn't you seek that proof? Wouldn't you verify it?
Here's something that irks me even more. One of the participants in the scheme was sentenced to a measly 16 months in prison. It could take years for people whose identities have been stolen to clean up their financial records, and this guy gets less than a year and a half? "Surely this must be some kind of a joke," wrote reader Mike McCreery. "Shame on us as a society for allowing these people to steal this amount of personal data and then just give them a little slap on the wrist. Where is the justice when it comes to IT crimes?"