Based in Alpharetta, Georgia, ChoicePoint was formerly a struggling insurance services unit of Equifax. Derek Smith successfully trimmed its labor-intensive operations and replaced them with technologically based ones, which resulted in both higher growth and higher margins. This allowed the company to spin off from Equifax and become publicly traded in 1997. The company’s initial focus was data services for the insurance industry. As its business matured and expanded, ChoicePoint also entered into non-insurance markets and was able to consolidate fragmented industries through acquisition and integration. ChoicePoint tapped various public and private sources to gather data, assembled it into proprietary databases, and sold products primarily to Fortune 1000 companies, but also smaller businesses, law firms, private investigators, law enforcement, and individuals. Their services included: background checks and drug testing on job applicants, personal public records, and background checks on service providers.
The company recently faced lawsuits and industry criticisms due to the inaccuracy, breach, and misuse of personal data. As the growing concerns about security and privacy issues of the data industry loom, some new stricter regulations and laws are likely to be passed, that may threaten the company’s profit and future. In the sections below, we will discuss those issues and industry’s critics as well as their legitimacies. We will also give recommendations and advice to CEO Derek Smith about how to overcome the issues and address the concerns to ensure ChoicePoint will remain a trusted data resource that provides value and convenience to businesses and individuals.
Even with all of ChoicePoint’s accomplishments and useful services they provided, the company had its fair share of critics. Our analysis is based this criticism of ChoicePoint and the data brokerage industry in general. With the ultimate goal of individual privacy and information security, we focused on the article “Management’s Role in Information Security,” which describes the difference between security and privacy. “Privacy deals with the degree of control that an entity, whether a person or organization, has over information about itself. Security deals with the vulnerability of unauthorized access to the content” (Dutta, 68). For the privacy issues we looked at the legal and regulatory landscape without trying to analyze morals, and for the security issues we focused on the Three Components of a Balanced Approach to Organizational Security which is shown below. “This approach specifically recognizes the three cornerstones identified in the diagram, enabling senior management to address security as the socio-technical problem that it really is” (Dutta, 73).
Criticism 1: Identity Theft
In 2005, much of the criticism centered around data brokers contribution to identity theft. “By hacking into data brokers’ computer systems, or more simply, by posing as legitimate customers and buying the information, thieves could gain access to consumers’ identifying information—their names, Social Security numbers, and mothers’ maiden names” (CP, 5).
Organizational Security Gaps: Organization & Technology
Thieves hacking into data brokers systems brings into question the technology of the brokers. We question the current data brokers “’Defense in Depth, including firewalls, intrusion detection software, password protection, key encryption, escrow accounts, authentication, secure servers, and virtual private networks” (Dutta, 78)?
The ability of a thief to pose as a legitimate customer and purchase the information may be an even bigger issue. This can be linked to the organization cornerstone where data brokers like ChoicePoint appear as though they are not helping employees understand just how important data security is. While ChoicePoint used a “credentialing process” to...