WASHINGTON – ChoicePoint's (search) chief executive apologized Tuesday to 145,000 customers exposed to identity theft, but he had difficulty convincing some lawmakers the company was doing enough to resolve the problem.
Derek Smith's testimony before a House Energy and Commerce Committee (search) panel was the first congressional appearance by a ChoicePoint executive since the data broker based in Alpharetta, Ga., disclosed last month that an enormous security breach compromised private information of Americans across the country.
"Let me begin by offering an apology on behalf of our company and my own personal apology to those consumers whose information may have been accessed by the criminals whose fraudulent activity ChoicePoint failed to prevent," Smith said.
Smith and LexisNexis (search) CEO Kurt Sanford, whose company also had a recent breach involving information from 32,000 Americans, endorsed some proposals to toughen federal laws governing consumer privacy but resisted calls for a blanket prohibition on the sale of Social Security numbers.
Such sales still might be necessary for law enforcement or collection of debts, the CEOs said.
But Rep. Ed Markey, D-Mass., contended they were just trying to protect their business' profitability at the expense of consumer protection.
"What we're hearing today is an industry still in denial, still doesn't recognize how many Americans value their privacy and are hoping to ride out this standard without having Congress make the changes necessary," said Markey.
Energy and Commerce Chairman Joe Barton, R-Texas, predicted Congress would approve a ban on selling Social Security numbers except in rare circumstances.
Markey dismissed as "absolutely preposterous" Smith's promise to provide the 145,000 affected customers a credit monitoring service for only one year. He unsuccessfully tried to get Smith to commit to a longer period.
Besides the monitoring service, Smith said ChoicePoint has given victims a toll-free customer service number and a special Web site for inquiries as well as a free three-bureau credit report. Those who actually suffer from identity theft would get further help, he said.
Smith said the breach, discovered last fall in California but not announced until Feb. 15, prompted "serious soul-searching" for ChoicePoint, and he acknowledged that "in retrospect, the company should have acted more quickly." As a result, ChoicePoint has decided to limit its sale of consumer information to small businesses.
Deborah Platt Majoras, chairman of the Federal Trade Commission, suggested Congress should extend laws governing the handling of private financial information to cover other sensitive information and require a public notice for security violations posing a significant risk to consumers.
Sanford said he supported both proposals, particularly the concept of a standard, national notification requirement. Without it, he said, state and local governments could bombard consumers with their own.
"If we do that, they're going to end up like the junk mail people get and go right in the trash can," Sanford said.
While Smith was testifying in front of the House panel, ChoicePoint Vice President Don McGuffey answered questions from the Senate Banking Committee — a hearing that was continued from last week.