Shostack + Friends Blog Archive

Choicepoint Roundup, March 11

Today is the “Legislative truckroll” edition.

• The Motley Fool says:
  

  Barring a miracle — or a busload of lobbyists and two truckloads of money (yeah, same difference) — regulation looks to be inevitable at this point. ChoicePoint’s breach alone might not have tipped the scales, but if many other businesses are being ransacked as well, and most importantly, if the privacy of actual senators is now at risk, I think it’s safe to say that regulation is on its way.

• Ecommerce Times:
  

  “Specific regulation of data brokers is a hot issue, and it’s going to be jumped on just like we got Sarbanes-Oxley after Enron,” Penn said. “Congress tends to wait for a huge public cry before they act,” and they just heard it.

• Chad @ Clearwater associates chimes in:
  

  Canadian and American governments should force the credit reporting industry to comply with exacting privacy standards that go well beyond PIPEDA or Safe Harbour. New legislation that regulates the credit reporting industry should also include information security standards. IT should go as far as HIPAA in setting guidelines for a privacy and information security management system.

• When the legislature met, there was so much to be said, that they’ll meet again next week. Summaries at MSNBC and the Financial Times:
  

  A US banking regulator on Thursday detailed several instances of security breaches at banks and previewed new guidelines on when banks must tell the customers about such lapses.

• Effect Measure points out that Choicepoint is handling background checks for Taser, International. I sure do hope there’s no cops in those 145,000 records, so that criminals can’t get those weapons.
• No, wait! Bruce Schneier reads the 8K, and points out that it says:
  

  These numbers were determined by conducting searches of our databases that matched searches conducted by customers who we believe may have had unauthorized access to our information products on or after July 1, 2003, the effective date of the California notification law.

• The Atlanta Journal Constitution notes that Harry Asher is a public menace, and their editorial today calls for shutting down data warehouses. (The NetSec blog has a great roundup.)
• Twinsguy is denied a job [link to http://twinsguy.blogspot.com/2005/03/random-thoughts.html no longer works] because of Choicepoint’s bad data. However, he’s not angry about it; he’s certainly not angry enough to lead today’s Two Minutes Hate, which is brought to you by TKID.

My prior Choicepoint posts, including analysis and roundup, are all linked here.

Originally published by adam on 11 Mar 2005
Last modified on 29 May 2017
Categories:   Choicepoint