California state Senators Jackie Speier and Michael Machado were both impressed by Don McGuffey, ChoicePoint Inc.’s vice president for data acquisition, who testified before them during a Banking, Finance and Insurance Committee hearing on Wednesday.
“What surprised me most was how responsive ChoicePoint has been,” said state Senator Michael Machado in an interview with Direct Newsline.
ChoicePoint has been party to several data protection hearings since its February announcement that it had sold data on 145,000 consumers to two scam artists was the first of a six-week period of consumer information breach disclosures.
Machado said that he felt ChoicePoint has been good about making modifications to its practices, such as masking “private indicators” before releasing files. ChoicePoint’s actions since the breach might be a framework for what he would push as industry standards, Machado said.
Furthermore, McGuffey testified that his company would support legislation permitting consumers to review and correct information held by compilers on them.
In contrast, LexisNexis, which was subject to a data break when legitimate passwords into its system were used by non-legitimate individuals, did not fare as well, in the senators’ estimation.
“LexisNexis played out the role of the company that hasn’t recognized the importance for change,” state Senator Jackie Speier, who chairs the Banking, Finance and Insurance committee said.
“[Just because] the industry has labeled personal information as non-sensitive information does not make it not sensitive to the consumer,” Speier continued. “That is just a clever label that has been applied, one that that most consumers would be outraged by.”
According to Speier, LexisNexis has not changed its practices, even in light of its breaches.
A pre-hearing briefing paper contained insights into legislators’ concerns. Several questions posed dealt with how the data industry functions, while others focused on whether consumers had adequate opportunity to review and correct their personal information, and whether further legislation was necessary.
Machado’s questions during the hearing focused on the client verification process – whether entities contacting data compilers had the authorization from the consumer to access the data.
Another indication of how the committee views consumer information cam from its discussion of compiled data. According to the industry paper, “aggregated public information is different than dispersed public information. Courts have found that public records located after searches of local government offices are protected by a ‘practical obscurity’ that information in electronic databases does not enjoy. The committee may want to consider this distinction in weighing options for consumer privacy protections in the data broker industry.”
But the most illustrative comment came from Speier, who told Direct Newsline “There will be some robust legislation in California.”
