Monday, June 20, 2005

Article: ChoicePoint and "Garbage In, Garbage Out"

Baseline magazine's Web site offers a full-length feature article, "ChoicePoint: Blur," which investigates inaccuracies in sensitive personal information distributed by data brokers, in this case ChoicePoint of Alpharetta, Georgia. ChoicePoint sold personal information—such as addresses, Social Security and driver's license numbers, and birth dates and locations—of about 145,000 individuals to Nigerian criminals posing as legitimate businesses. [Update 1/26/2006] The U.S. Federal Trade Commission (FTC) has levied a US$10 million fine on ChoicePoint for violations of the Fair Credit Reporting Act (FCRA). The FTC also expects ChoicePoint to establish a US$5 million "trust fund for individuals who might have become victims of identity theft as a result of the breach." The focus of the Baseline article however, isn't identity theft. Instead, the authors concentrate on the erroneous data that ChoicePoint supplies to its customers—legitimate or otherwise—and the company's failure to even attempt to verify the accuracy of third-party personal data it acquires and publishes. The Electronic Privacy Information Center (EPIC) has been pursuing details of government use of CheckPoint data since filing a Freedom of Information Act request in 2001. EPIC wants the FTC to regulate all CheckPoint data that contains sensitive personal information under the Fair Credit Reporting Act (FCRA), which gives consumers the right to view their records and correct erroneous information. Bruce Schneier weighs in with an observation that persons whose personal information was improperly disclosed by ChoicePoint to identity thieves would not have occurred were it not for California's S.B. 1386. S.B. 1386, the California Information Practices Act, requires data brokers and other organizations to report improper disclosure of unencrypted personal data on California residents. --rj P.S. eWeek magazine's "Garbage In, Garbage Out of Control" article by Linda Voss raises the issue of users drawing incorrect conclusions from bad data, erroneous correlations, improper analytics, flawed visualizations, or all four. If the users are local law-enforcement personnel, as was the case for two examples that the Baseline article describes, the military, or federal anti-terrorist agencies, incorrect conclusions drawn from database applications can have serious consequences.