We appreciate the creative efforts behind your “Dirty Dozen IT Embarrassments” slide show, posted at eweek.com. However, your slide regarding ChoicePoint is both misleading and inaccurate.
For the record, ChoicePoint was the victim of a very sophisticated data fraud incident, the likes of which became the subject of an intense and ultimately successful investigation by ChoicePoint and a task force composed of local and federal law enforcement agencies.
While we deeply regret the inappropriate access to any consumers information (and find it unacceptable), it is factually incorrect to use ChoicePoint as the example of the serious issues surrounding information security.
Despite your suggestion to the contrary, ChoicePoint wasnt the first company to experience a data incident, and we arent even in the Top 30 in terms of the number of individuals potentially affected by more than 300 incidents that have been disclosed over the past two years.
You can review the lists of 2005 and 2006 data incident disclosures, which have been posted by the nonprofit Identity Theft Resource Center (www.idtheftcenter.org/breaches.pdf).
Since ChoicePoints disclosure in 2005, we have devoted enormous resources and time to becoming an industry leader in protecting consumers privacy and their personal information.
In the past year and a half, ChoicePoint has passed more than 50 independent security audits, a fact that clearly demonstrates our commitment to protecting consumer privacy. We encourage you and your readers to visit our Web site (www.privacyatchoicepoint.com) to learn more about what we have done and are doing to protect personal privacy.
Chuck Jones
Director, External Affairs
ChoicePoint
Editors note: The full text of this response can be found at go.eweek.com/DirtyDozenBlog.