honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser

Posted on: Saturday, March 12, 2005

Is Your Data Safe?

 •  Dossier can be dead-on or error-filled

By Ellen Simon
Associated Press

NEW YORK — Privacy advocates have long complained about scant regulation of the data-brokering companies that traffic in dossiers on almost every adult American.

ChoicePoint Inc. is one of the largest publicly traded U.S.-based data-brokering companies. The companies pull personal information from a variety of sources and package it in easy-to-digest dossiers.

But barely anyone paid attention.

That's changing after disclosures by two of the largest such businesses, ChoicePoint Inc. and LexisNexis, that intruders sneaked into the companies' databases and gained access to dossiers on more than 170,000 Americans, at least 750 of whom had their identities stolen.

The cases, along with word from Bank of America that it lost computer tapes containing data on 1.2 million federal employees, raises the question of what consumers can do to protect their personal information.

The answer: Not much.

Even the most basic report from a company like LexisNexis, which announced this week that dossiers on 32,000 Americans may have been illegally accessed by criminals, includes an individual's address and Social Security number — enough information for identity thieves to open a credit card account.

Everyone from landlords screening tenants to insurance companies weighing a driver's risk to human resources departments wondering if job applicants are ex-felons can buy such data.

Businesses that can see your Social Security number include companies that send unsolicited mail. The Direct Marketing Association says the marketers use Social Security numbers to make sure they're sending mail to the correct individual.

Journalists also can get that access.

When an Associated Press reporter ordered a LexisNexis report this week, providing her name and address, it came back with her complete Social Security number.

Data brokers compile these reports largely by gathering public records.

"You can't opt out from all the public records," said Evan Hendricks, author of "Credit Scores and Credit Reports." Public information available to the data brokers includes some drivers' records and property records.

The companies have "opt-out options" to be removed from some databases, said Hendricks, but "you don't know how to opt out if you've never heard of the company before. The current system puts the burden on the individual to discover the system, understand how it works and know what you have to do."

The largest publicly traded U.S.-based data-brokering companies are Acxiom Corp., which had $1 billion in sales in its 2004 fiscal year and ChoicePoint Inc., which had sales of $795.7 million. (Both made some money from businesses other than selling data — Acxiom had sales of $778.1 million in fiscal 2004 in its services division, which helps companies manage and mine their own data).

Another large data broker, LexisNexis, is owned by London-based Reed Elsevier PLC. Revenues at LexisNexis' Seisint division, which suffered the security breach, were up 40 percent last year to $120 million, according to Reed Elsevier.

The companies are sometimes called data aggregators because they pull information from a variety of sources and package it in easy-to-digest dossiers.

Acxiom gets data from phone books, directory service, voter registrations, county assessor and recorder information, questionnaires, warranty cards, catalog buyer behavior and product registration.

ChoicePoint says it has access to more than 19 billion public records, including motor vehicle reports, police reports, license and deed transfers and military records. It has bought companies with databases of bankruptcies, civil judgments and federal and state tax liens. It also has bought a company that developed technology to order birth, death, marriage and divorce certificates.

In addition, ChoicePoint has a proprietary database of claims information contributed by insurance underwriters, its annual report says, while the company's job-applicant screening reports include credit and driving record checks, prior employment verification, education and licensing verification and criminal record searches.

As part of its "anti-money laundering solutions," LexisNexis has databases of Social Security Administration death files, driver's licenses, state professional licenses, the Bureau of Export Administration Denied Persons Information, real estate assets, motor vehicle registrations, boat registrations, aircraft registrations and bankruptcy records.

Who wants to know all this?

Acxiom says its clients include Allstate, the city of Chicago, Federated Department Stores, General Electric Co., General Motors Corp. and International Business Machines Corp.

ChoicePoint has more than 50,000 customers including the Federal Bureau of Investigation, the Internal Revenue Service and the Department of Homeland Security. Insurance companies are ChoicePoint's largest group of customers.

ChoicePoint says its reports helped auto and property insurers assess underwriting risk in more than 115 million renewals or new policies. The company says, in addition, that it has identified more than 300,000 individuals with criminal records.

With all those criminals out there, you'd think screening customers would be important for data brokers. How is that done?

At LexisNexis, teams review and determine the validity of a business's licenses and memberships in professional associations and also "examine documents provided to us to see if they have been forged or tampered with in other ways," the company said in a statement.

The privacy issue is also on the companies' radar. ChoicePoint says it has a three-person privacy committee that met twice in 2003.

This past week, the company named as its privacy officer Carol A. DiBattiste, the deputy administrator of the Transportation Security Administration.