FOR IMMEDIATE RELEASE January 26, 2006 Chris Hoofnagle EPIC West Director (415) 981-6400 hoofnagle@epic.org Sherwin Siy EPIC Staff Counsel (202) 483-1140 x110 siy@epic.org Professor Daniel J. Solove George Washington University Law School dsolove@law.gwu.edu CHOICEPOINT TO PAY RECORD $15 MILLION IN FEDERAL TRADE COMMISSION ACTION Settlement follows EPIC Complaint; But EPIC Warns that Further Steps Needed to Stop Data Brokers' Privacy Breaches WASHINGTON, DC - The Electronic Privacy Information Center (EPIC), a public interest research center in Washington, DC, today applauded the Federal Trade Commission's announcement that data broker Choicepoint must pay $10 million to the Commission and $5 million to redress consumer harms caused by a data breach. It is the largest civil penalty in FTC history. EPIC Executive Director Marc Rotenberg said that the decision by the Commission makes clear that the sale of consumer data is a serious problem. "The data broker industry has put the privacy and security of American consumers at grave risk. The FTC's action against Choicepoint is an important first step, but more needs to be done," said Mr. Rotenberg. According to the Commission, Choicepoint, which sold the records of at least 163,000 individuals to a criminal ring of identity thieves, violated federal law by failing to maintain reasonable procedures to protect information, and also by falsely advertising that they adequately shielded personal information from fraud and misuse. "The message to ChoicePoint and others should be clear: Consumers' private data must be protected from thieves," said Deborah Platt Majoras, Chairman of the FTC. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America." EPIC filed a complaint with the Federal Trade Commission in December 2004 that described Choicepoint's sale of personal information that failed to provide the privacy safeguards of the Fair Credit Reporting Act. However, the FTC failed to act on the EPIC complaint until the press reported on Choicepoint's sale of personal data to the ID theft criminals. More than 800 consumers so far have been victims of identity theft as a result of that disclosure. Chris Hoofnagle, Director of EPIC's West Coast office, said that Choicepoint and other data brokers deliberately skirt existing federal law. "Commercial data brokers evade federal consumer protection law," he said. "The states have taken the lead on consumer privacy protection. Credit should go to California for bringing attention to the problems with Choicepoint and other data brokers." EPIC has recommended legislation that would allow consumers access to, and the ability to correct, personal records maintained by data brokers, as well as mandatory notification when individuals' personal information had been breached. George Washington University Law professor Daniel Solove, a leading expert on information privacy, said "In light of the growing threat, the Federal Trade Commission and Congress should follow up on these initial measures, not only by taking action against data brokers like Choicepoint, but also by giving consumers the benefit of real protections on their personal information." Federal Trade Commission Press Release: http://www.ftc.gov/opa/2006/01/choicepoint.htm Federal Trade Commission Court Documents: http://www.ftc.gov/os/caselist/choicepoint/choicepoint.htm EPIC Choicepoint Web page: http://www.epic.org/privacy/choicepoint EPIC's Complaint: http://www.epic.org/privacy/choicepoint/fcraltr12.16.04.html