StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Data Breach at ChoicePoint - Research Paper Example

Cite this document
Summary
The paper "Data Breach at ChoicePoint" critically analyzes the root causes of the data breach at ChoicePoint while providing significant discussion on prevention methods. ChoicePoint is the foremost credentialing service and date broker in the United States of America…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.2% of users find it useful
Data Breach at ChoicePoint
Read Text Preview

Extract of sample "Data Breach at ChoicePoint"

Data Breach at ChoicePoint ChoicePoint is the foremost credentialing service and brokerin United States of America. The organization caters to the needs of more than 220 million US citizens while maintaining 19 million public records. In 2000 the ChoicePoint sold important information without checking the background and credentials of buyers. This caused the company various fines and until 2008 the amount paid for compensations reached to $55 millions. This paper critically analyzes the root causes of the data breach at ChoicePoint while providing significant discussion on prevention methods. In addition to this, the sufficiency of fines imposed on ChoicePoint and effectiveness of the changes implemented by the organization in regard to data security are also discussed. Data Breach at Choice Point Introduction This paper aims to study and discuss data breach from different perspectives while making reference to the renowned data breach incident at ChoicePoint. The organization purchases the personal information of individuals including their names, birthdates, credit histories, social security numbers, employment data etc. These are then sold to different government agencies and businesses. Hence a significant number of marketing, accounting, human resources and finance managers depend upon the ChoicePoint to gain background information, verifications and customer leads. In 2000 ChoicePoint failed to protect its information records while selling them to unauthorized customers. This led the company to substantial loses and it had to pay fines for the next few years. In this paper, the root causes of this event are discussed including the prevention methods against data breach. Moreover, the sufficiency of fines imposed on the organization are discussed and the changes implemented by the organization after the data breach incident are also critically analyzed. Discussion Root Causes of Data Breach at ChoicePoint There are certain causes due to which customers’ information at ChoicePoint was compromised. For instance, the Federal Trade Commission claims that the company did not have realistic procedures to screen the potential subscribers which indicate substantial application issues. Hence it can be said that ChoicePoint failed to recognize the obvious threats present within its system. The Federal Trade Commission further declares that ChoicePoint did not take notice of its in appropriate application procedures while failing to keep check on subscribers even after getting notifications from law enforcement agencies regarding the fraudulent activities similar to those identified in 2001 (Farrell, 2006). Another significant cause due to which the consumer data was easily misused by subscribers was the violation of Fair Credit Reporting Act by ChoicePoint. Companies handling and selling customer data to government agencies and businesses are extensively required to ensure that the subscribers have authenticity to use data while also having a permissible reason to obtain them. However, ChoicePoint actually failed to recognize the identities of its subscribers while also being unable to evaluate their intentions to use the data (Farrell, 2006). Furthermore, it was identified that the organization was continuously providing credit reports to the criminal associations even after recognizing some false accounts set up at ChoicePoint (Sullivan, 2006). Consequently it had to discontinue its business operations particularly those in which sensitive consumer data was sold to subscribers. Moreover, the company faced a significant reduction of $15 million to $20 millions in its revenues (Scalet, 2005). Prevention from Data Breach Analysts argue that the incident of Data Breach reported at ChoicePoint could have been prevented through making significant changes in the company policy and the overall subscribers’ application procedure. Research and cost analysis indicates that it is easy and highly cost effective for organizations to act proactively when they are trusted with sensitive information of mass population. This is actually better than making changes in company procedures after data breach (Jones, 2012). Proactive approach has to be adopted by the organizations and law enforcement agencies both. For instance, new technologies must be developed to help in protecting customer data and laws must be updated as per the upcoming data breach challenges. It should be followed by the restoration of identity standards (Pollack, 2013) i.e. individuals subscribing to ChoicePoint must have to prove their identity and the purpose for which they need to access sensitive customer information. Data breach could have been prevented at ChoicePoint through the implementation of following procedures (Breach Prevention Overview, 2014): Risk Assessment: At the initial step ChoicePoint must have assessed the potential risks faced by the organization. Here, it could have gained help from security experts and law enforcement agencies. Compliance and Mitigation: Laws regarding data breach are significantly complex in nature. Thus it was appropriate for ChoicePoint to observe and alleviate risks prior to the actual incident of data breach. Breach Preparedness: This relates to the fact that data breaches can take place even when the organization has implemented risk assessments and compliance procedures. In order to meet such challenges the organization must have breach preparedness which will facilitate it in identifying the offenders and compensating the customers’ loss. Sufficiency of fines imposed on ChoicePoint Once the data breach was identified at ChoicePoint the Federal Trade Commission imposed serious penalties upon the organization including a fine of $10 million. The fine was considered sufficient to compensate the loss of 160,000 consumers. It was also recognized as the largest fine ever imposed by FTC on any organization. In addition to this, ChoicePoint was later asked to pay $5 million in a trust fund so as to facilitate individuals who were somehow affected by the identity theft (Vijayan, 2006). Another research reveals that the organization incurred total $26 million in fees and fines as additional $10 million were spent on the lawsuit of civil class-action whereas more than $500,000 was paid in terms of legal fees and different compensations (Romanosky, 2008). In my opinion the fines imposed on ChoicePoint were significant enough from hindering such an incident to happen again. The company had compromised the privacy of its consumers while on the other hand it also broke the federal laws and misled individuals about its privacy policy (Mohammed, 2006). Hence it was important to impose such huge fines so that no other company can violate laws of Federal Trade Commission. ChoicePoint’s data breach case also affected the security policies of other businesses by exposing them to the national level. Although significant data breach prevention measures were ensured by the law enforcing agencies after the incident but research indicates that malware and frauds are still increasing in the corporate sector. One of the reasons for such an increase in data breach and other similar activities is lack of ethics. Therefore apart from imposing fines law enforcement agencies and Federal Trade Commission must also increase ethical and moral guidance for these businesses in order to transform them in responsible members of the community. Effectiveness of changes implemented by ChoicePoint ChoicePoint made a number of changes in its procedures and policies following the data breach incident in 2005. Initially the company suspended all the apprehensive accounts while also rejecting few of the business license requests. Moreover, the company gave special attention to its validation process and made a public announcement that now the data will not be available to non-government and privately held organizations (Otto, 2006). Here, one of the most important changes made by the organization was to acknowledge its mistakes and compensating the loss of customers (Data Security: ChoicePoints Lessons Learned, 2006). This was followed by changes in the stock trading policy of the organization (ChoicePoint Inc. to pay $15 million over data breach, 2006). One report indicates that ChoicePoint changed its business model which increased the company’s operating charges from $8 to $10 millions (FTC hits ChoicePoint with $10 million fine over breach, 2006). The company also made a firm decision of limiting its sales unless the purchaser was associated with an accredited bank (Wright, 2014). All of these steps were taken to ensure that personal information of customers is protected up to the maximum extent (Bosworth, 2005). I personally believe that these changes played an important role in restoring the credibility of the organization while influencing other organizations to make similar changes in order to prevent data breach. Conclusion The above research and discussion reveals the fundamental causes of data breach at ChoicePoint while also discussing the prevention methods. Moreover, the sufficiency of fines imposed on the organization is discussed in detail and the effectiveness of subsequent changes made in organizational procedure by ChoicePoint is also mentioned. References Bosworth, M. (2005). Guilty Plea in ChoicePoint Data Theft. Retrieved July 18, 2014, from Free Republic. Breach Prevention Overview. (2014). Retrieved July 18, 2014, from ID Experts. ChoicePoint Inc. to pay $15 million over data breach. (2006). Retrieved July 18, 2014, from Gainesville. Data Security: ChoicePoints Lessons Learned. (2006). Retrieved July 18, 2014, from Base Line Magazine. Farrell, C. & Rich, J. (2006). ChoicePoint Settles Data Security Breach Charges; to Pay $10 Million in Civil Penalties, $5 Million for Consumer Redress. Retrieved July 18, 2014, from Federal Trade Commission . FTC hits ChoicePoint with $10 million fine over breach. (2006). Retrieved July 18, 2014, from Jacobs Media Corporation. Jones, M. (2012). Data Breaches: Recent Developments in the Public and Private Sectors. A Journal of Law and Policy for the Information Security , 555-580. Mohammed, A. (2006). Record Fine for Data Breach. Retrieved July 18, 2014, from The Washington Post. Otto, P. A. (2006). The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information. North Carolina State University Technical Report . Pollack, D. (2013). A Decade of Breach: The More Things Change, the More They Stay the Same. Retrieved July 18, 2014, from ID Experts. Romanosky, S. T. (2008). Do Data Breach Disclosure Laws Reduce Identity Theft? Tuck School of Business , 1-20. Scalet, S. (2005). ChoicePoint Data Breach: The Plot Thickens. Retrieved July 18, 2014, from CXO Media, Inc. Sullivan, B. (2006). ChoicePoint to Pay $15 million over data breach. Retrieved July 18, 2014, from NBC News. Vijayan, J. (2006). FTC imposes $10M fine against ChoicePoint for data breach. Retrieved July 18, 2014, from Computer World. Wright, B. (2014). ChoicePoint Marked New Era in Data Security Law. Retrieved July 18, 2014, from SANS Technology Institute. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Data Breach at ChoicePoint Research Paper Example | Topics and Well Written Essays - 1250 words, n.d.)
Data Breach at ChoicePoint Research Paper Example | Topics and Well Written Essays - 1250 words. https://studentshare.org/information-technology/1834308-55-million-data-breach-at-choicepoint
(Data Breach at ChoicePoint Research Paper Example | Topics and Well Written Essays - 1250 Words)
Data Breach at ChoicePoint Research Paper Example | Topics and Well Written Essays - 1250 Words. https://studentshare.org/information-technology/1834308-55-million-data-breach-at-choicepoint.
“Data Breach at ChoicePoint Research Paper Example | Topics and Well Written Essays - 1250 Words”. https://studentshare.org/information-technology/1834308-55-million-data-breach-at-choicepoint.
  • Cited: 0 times

CHECK THESE SAMPLES OF Data Breach at ChoicePoint

Data Breach of South Africa Police

According to Rouse, “A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so.... ?? As such, this paper seeks to discuss the data breach of South Africa Police and evaluate its impact on different people affected by this action.... This security breach is known as ‘hacktivism' and this data breach has negatively affected the police service and other individuals involved....
3 Pages (750 words) Essay

Data Model and Data Flow Diagram

PresRX is a new online pharmacy that wants to provide prescription and non-prescription drugs to Canadian consumers.... When a customer goes online, he is shown the drugs PresRX sells.... To make the shopping easy, we allow the customer to search our products based on the following categories: pharmaceutical company, product type (prescription or non-prescription), drug type (antibiotics, antidepressant drugs or vitamins or cold/ flu drugs etc....
6 Pages (1500 words) Essay

The Security Breach at Nelm

In the paper “The Security breach at Nelm” the author analyzes the security breach, which has resulted in data being acquired by unauthorized users tapping into the system and gaining access to sensitive files.... hellip; The author states that there is also the possibility that an outsider has taken advantage of the system configuration and its security flaws to gain unauthorized access to the data.... n most cases, data is stolen by the easiest method possible....
2 Pages (500 words) Case Study

Impact of Data Storage on Technology

The greater the volume of data a computer can store and retrieve, the more “information power” it can bring to the user.... Husin, as follows: “1) search and retrieval speed; 2) flexibility in handling and manipulating data level.... Here, there is a need for consistency and forced harmony of data to enable data search; data Storage Usage data Storage and Retrieval are just two of the essential, distinctive capabilities that give “power” to a computer in terms of usability....
2 Pages (500 words) Essay

T. J. Maxx breach

Federal Information Security and data breach Notification Laws, CRS Report for Congress, pp.... Maxx breach, Computer sciences and Information technology enter the Number or College 7th December, 2011.... Due to the TJX breach not only TJX had to suffer but also different banks had to pay the penalty by reissuing the cards to their customers.... 1) suggests that the external reports of the breach should be given importance.... ), losses of confidentiality, integrity, and availability are important because they are private and confidential data of the customers....
2 Pages (500 words) Research Paper

Breach of Confidentiality

This, however, is becoming incredibly… This paper will examine a real case of breach of confidentiality, focusing on the facts involved, and how it could have been prevented. Physicians are bound by the obligation to keep the health breach of Confidentiality breach of Confidentiality Confidentiality refers to a patient's right to have information about his or her health status concealed.... This paper will examine a real case of breach of confidentiality, focusing on the facts involved, and how it could have been prevented....
2 Pages (500 words) Essay

Compromised and Lost Data

In specific, there should be data recovery policy to respond effectively and swiftly to security breach.... Nemours is a company, which manages the children's health systems information data.... data compromise and loss affiliation data compromise and loss Nemours is a company, which manages the children's health systems information data.... Those missing encrypted backup tapes comprised of social security numbers, names, bank account information on direct deposit, information on insurance, addresses, medical treatment data and the date of births....
3 Pages (750 words) Assignment

Repudiatory Breach of Contract

hellip; In exceptional cases, as decided by the House of Lords in the case of Attorney General v Blake [2000] 3 WLR 625 the innocent party who has suffered no loss as a result of the breach may recover the resultant profits which the other party has gained.... The element prohibits anticipatory breach or repudiation of a contract.... hus breach of contract occurs when one of the parties to the contract fails to perform his part of the contract either fully or in part to the detriment of the other party who is innocent....
8 Pages (2000 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us