EPIC logo
FOR IMMEDIATE RELEASE
January 26, 2006

Chris Hoofnagle
EPIC West Director
(415) 981-6400
hoofnagle@epic.org

Sherwin Siy
EPIC Staff Counsel
(202) 483-1140 x110
siy@epic.org

Professor Daniel J. Solove
George Washington University Law School
dsolove@law.gwu.edu


CHOICEPOINT TO PAY RECORD $15 MILLION IN FEDERAL TRADE COMMISSION ACTION

       Settlement follows EPIC Complaint; But EPIC Warns that
    Further Steps Needed to Stop Data Brokers' Privacy Breaches

WASHINGTON, DC - The Electronic Privacy Information Center (EPIC), a
public interest research center in Washington, DC, today applauded the
Federal Trade Commission's announcement that data broker Choicepoint
must pay $10 million to the Commission and $5 million to redress
consumer harms caused by a data breach. It is the largest civil penalty
in FTC history.

EPIC Executive Director Marc Rotenberg said that the decision by the
Commission makes clear that the sale of consumer data is a serious
problem. "The data broker industry has put the privacy and security of
American consumers at grave risk. The FTC's action against Choicepoint
is an important first step, but more needs to be done," said Mr.
Rotenberg.

According to the Commission, Choicepoint, which sold the records of at
least 163,000 individuals to a criminal ring of identity thieves,
violated federal law by failing to maintain reasonable procedures to
protect information, and also by falsely advertising that they
adequately shielded personal information from fraud and misuse.

"The message to ChoicePoint and others should be clear: Consumers'
private data must be protected from thieves," said Deborah Platt
Majoras, Chairman of the FTC. "Data security is critical to consumers,
and protecting it is a priority for the FTC, as it should be to every
business in America."

EPIC filed a complaint with the Federal Trade Commission in December
2004 that described Choicepoint's sale of personal information that
failed to provide the privacy safeguards of the Fair Credit Reporting
Act.

However, the FTC failed to act on the EPIC complaint until the press
reported on Choicepoint's sale of personal data to the ID theft
criminals. More than 800 consumers so far have been victims of identity
theft as a result of that disclosure.

Chris Hoofnagle, Director of EPIC's West Coast office, said that
Choicepoint and other data brokers deliberately skirt existing federal
law. "Commercial data brokers evade federal consumer protection law," he
said. "The states have taken the lead on consumer privacy protection.
Credit should go to California for bringing attention to the problems
with Choicepoint and other data brokers."

EPIC has recommended legislation that would allow consumers access to,
and the ability to correct, personal records maintained by data brokers,
as well as mandatory notification when individuals' personal information
had been breached.

George Washington University Law professor Daniel Solove, a leading
expert on information privacy, said "In light of the growing threat, the
Federal Trade Commission and Congress should follow up on these initial
measures, not only by taking action against data brokers like
Choicepoint, but also by giving consumers the benefit of real
protections on their personal information."

Federal Trade Commission Press Release:

     http://www.ftc.gov/opa/2006/01/choicepoint.htm

Federal Trade Commission Court Documents:

     http://www.ftc.gov/os/caselist/choicepoint/choicepoint.htm

EPIC Choicepoint Web page:

     http://www.epic.org/privacy/choicepoint

EPIC's Complaint:

     http://www.epic.org/privacy/choicepoint/fcraltr12.16.04.html