|
|
|
Presentation to Association of Certified Fraud Examiners
Carol DiBattiste, Chief Credentialing, Compliance and Privacy Officer
July 12, 2005 |
 |
In the last year, more than nine million Americans were victims of identity theft. How much does this cost society as a whole? About 50 billion dollars a year.
Who can guess the most common way people have their identities stolen? Most thieves get Social Security numbers or your credit card account numbers the old-fashioned way . . . they steal your bill or get your number off a receipt.
A survey released by Deloitte & Touche last month found that three out of four adults think that consumers have lost all control over how personal information is collected and used by companies.
Half believed that businesses were not handling their personal information in a proper and confidential way. For the businesses in the audience today, that’s a pretty sobering statistic. And close to 60 percent thought that existing laws and organizational practices do not provide enough protection for consumer privacy.
That is why the 16th Annual Association of Certified Fraud Examiners Conference and Exhibition – the largest gathering of anti-fraud professionals in the world – is so important. Fraud-fighting professionals need the most up-to-date solutions that can be quickly understood and implemented.
My name is Carol DiBattiste, and I work for ChoicePoint. I am ChoicePoint’s Chief Credentialing, Compliance and Privacy Officer. I am honored to be here.
Today I want to talk to you about three things:
- I want to update you on what ChoicePoint has done following its recent fraud incident,
- I want to tell you about ChoicePoint’s commitment to implementing the best policies and practices in the industry, and
- I want to give you some specific examples of the changes ChoicePoint has made and will continue to make.
My role with the company is a new one, having started with ChoicePoint on April 25, 2005. But my appointment shows how seriously ChoicePoint takes the challenges facing the consumer data industry. I oversee all of the company’s credentialing and privacy policies and compliance with law, regulation and policy related to credentialing and privacy.
My background is in law enforcement, transportation security and the military, and I have more than 32 years of experience in these fields.
I have spent a large portion of my career as a prosecutor. I understand crime.
I spent 23 years in the military, in both active and civilian capacities, most recently as the Under Secretary of the Air Force. I know about readiness and discipline.
I spent the last two years at the Department of Homeland Security, working on transportation security following the September 11th attacks.
In my career, I’ve also worked on the major security issues facing our country, from the Oklahoma City bombing, to the Olympic Park bombing, to the downing of TWA Flight 800. I understand the serious threats facing the security of our country and the need to take care of victims. Following the events in London last week, we’ve all seen just how serious those threats can be.
My experience and background give me great insight into the security challenges facing ChoicePoint and I look forward to my role with the company.
Let me give you an overview of what we do at ChoicePoint, and our values and commitment to protecting the security of information and consumer privacy.
ChoicePoint provides identification and credential verification to businesses, governments and non-profit organizations, providing information for key decision making. We have 5,000 associates in 60 locations.
We serve more than 7,000 federal, state and local law enforcement agencies, as well as a significant number of Fortune 500 companies, more than 700 insurance companies and many large financial services institutions. The majority of transactions our business supports are initiated by consumers. Last year, ChoicePoint helped more than 100 million American consumers secure home and auto insurance, more than seven million American consumers get jobs through our WorkPlace Solutions pre-employment screening services, and more than one million consumers obtain expedited copies of their vital records: birth, death and marriage certificates.
In addition to helping consumers, ChoicePoint helps agencies at all levels of government fulfill their mission to safeguard our country and its citizens. Our products and services are also used by many nonprofit organizations. For example, we have identified 11,000 undisclosed felons among those volunteering or seeking to volunteer with the nation's leading youth service organizations.
Our Bode Technology Group, the largest private DNA laboratory in the country, worked to identify victims of the September 11th attacks, and our ADAM service helps law enforcement officials find missing children by broadcasting photographs to key locations.
But, most importantly, ChoicePoint is a company committed to implementing the best policies and practices in our industry to secure and protect information, ensure it is used for permissible purposes and ensure people’s privacy interests are protected.
Having said that, I would like to talk about ChoicePoint’s commitment to those policies and procedures.
ChoicePoint has taken decisive actions to deal with the recent fraud incident in California, where criminals fraudulently accessed personal information.
In addition to notifying all potentially affected consumers, ChoicePoint provided benefits to help potentially affected consumers that no other information company had done before and that several companies have since emulated – including setting up dedicated call centers and Web sites and providing free three-bureau credit reports and one year of credit monitoring. To further help affected consumers, ChoicePoint has partnered with the Identity Theft Resource Center, a national nonprofit organization dedicated exclusively to assisting victims of identity theft.
ChoicePoint also made broad changes to its products. Specifically, ChoicePoint no longer distributes information products that contain sensitive, personally identifiable information, including Social Security numbers and driver’s license numbers, except when the products meet one of three very specific needs:
- The product supports consumer driven transactions (examples include obtaining insurance or a mortgage, or opening a bank account);
- The product provides authentication or fraud prevention tools to large accredited corporate clients (examples include insurance companies, banks, mortgage companies and non-bank credit grantees) to verify identities of individuals who are coming to them as part of a consumer-initiated transaction, essentially to verify the consumer. Also used for claims investigations, essentially if used to investigate a fraudulent insurance account;
- When personally identifiable information is needed to assist federal, state or local government and criminal justice agencies in their important missions (for example, help with law enforcement investigations).
ChoicePoint also appointed Robert McConnell, a 28-year veteran of the Secret Service and former chief of the federal government’s Nigerian Organized Crime Task Force, to serve as liaison to law enforcement officials. In his role, Bob works aggressively to assist law enforcement in prosecuting identity theft. Bob will also help us to ensure that ChoicePoint’s security and safeguard procedures continue to evolve and improve.
ChoicePoint created an independent Credentialing, Compliance and Privacy office, specifically to enhance consumer privacy protections. I am now serving as the company’s – and indeed the industry’s – first chief credentialing, compliance and privacy officer. I report directly to the Privacy Committee of the Board of Directors.
The mission of my office is to achieve industry-leading credentialing, compliance and privacy program objectives that reinforce the responsible use and protection of ChoicePoint data and services and continue to build credibility with the privacy community, the government, consumers and the general public.
We have made significant changes in the last 60 days.
We engaged the services of Ernst & Young LLP to conduct a best practices study and to help the company develop additional, standard-setting privacy, credentialing and compliance practices. Ernst & Young will review our current processes and compare them against the best practices in our industry and the general corporate community. Once that phase is completed, Ernst & Young will assist us in further enhancing an industry-leading compliance program.
We are continuing to develop policies on credentialing, compliance and privacy that are both effective and representative of industry-leading thought. For example, we have created policies that apply to Internet security and general requests for information. We are also working on a consumer notification policy in the event of a breach and have more policies in the pipeline after that.
We are also creating both internal and external credentialing and compliance programs to protect the security of information as well as consumer privacy. A performance metrics program will be developed to measure effectiveness and progress in achieving our objectives.
In addition to these changes, ChoicePoint has gone beyond its commitments announced last March to make substantial changes.
We have created a centralized Corporate Credential Center whose sole function is to credential new customers, recredential existing customers and standardize credentialing procedures.
We are also strengthening our customer credentialing procedures. What that means is we now conduct site visits to customers who receive sensitive, personally identifiable information and we have tightened and enhanced user ID and password protections. We also use multiple sources to verify customer authenticity and we have not credentialed those who do not meet our standards. Since April of this year, we have denied credentials to nearly 300 customers who have not met our strengthened credentialing standards.
ChoicePoint provides consumers with access to their public records data through our ChoiceTrust Web site. Consumers can visit this Web site and order a free report of their public records data. Consumers also have an opportunity to correct any mistakes. We have already created a privacy Web site at www.choicepoint.com to educate the public on our information policies.
We have added additional controls on media security such as tapes. We provide special protection for sensitive personal information, such as Social Security numbers, dates of birth and driver’s license numbers. Often we truncate or suppress these numbers.
Even with the significant changes we have made, we understand consumers and society are demanding a more robust set of laws and regulations on how their information is used, by whom and when.
We believe regulation will give consumers additional protections, remove risk from the industry model and ensure all competitors are playing on the same, level field.
We support independent oversight and increased accountability for all entities – including the public sector, academia and other private sector organizations – that handle consumer data. Identity theft is not a crime that contains itself to a particular industry and, as such, we believe laws and regulations should not be limited to companies like ChoicePoint.
And we are mindful of the concern federal and state regulators and legislators have regarding the protection of consumer information. In fact, we testified before the Congress of the United States and the California state senate and we believe for consumer notification to be effective, there needs to be a nationwide standard. That is why we support a preemptive, nationwide notification law.
Identity theft is a crime that does not stay inside state borders. We believe consumers’ interests are best protected by one uniform policy.
We also support increased penalties for those criminals who commit identity theft and business fraud.
And lastly, and we support expanding the principles of the Fair Credit Reporting Act to public record data uses. That means providing a right of access and a right to question the accuracy of public filing information used to make decisions about people. There are technical and logistical issues to be solved, but they are solvable.
In conclusion, I’d like to leave you with a couple of thoughts today.
Number one, ChoicePoint is committed to sound transparent leadership. That is why we took the actions that we did in the past few months, including providing consumer assistance through our toll-free number 1-877-547-2518 and through our Web site www.choicepoint.com. We’ve restricted the display and delivery of sensitive, personally identifiable information such as Social Security numbers and dates of birth. And we’ve created a new Office of Credentialing, Compliance and Privacy.
Number two, we are committed to implementing the best policies and practices in our industry. We want to further strengthen the way in which we credential our customers. We want more access for consumers to check their personal information. And we want to educate the public – including customers, industry, consumers, law enforcement and lawmakers – about all of our information policies and practices. And we will do that by speaking out to groups like you and working with you to tackle this issue head on.
I thank you for allowing me to speak to you today and I am excited about working with you going forward.
|
|
|
|
Protecting Yourself