Excerpt from EPIC's letter to the FTC trying to compel the agency to target ChoicePoint: http://epic.org/privacy/choicepoint/fcraltr12.16.04.html "ChoicePoint, one of the largest data aggregation companies, became independent from Equifax, a leading U.S. credit rating agency, in 1997. ChoicePoint has bought more than 40 companies and competitors, and obtains 40,000 new public records daily for its database of more than 19 billion records. Choicepoint contracts with about 35 federal agencies to supply data. The company's slogan is "Smarter Decisions. Safer World." ChoicePoint's reply follows. -Declan --- http://www.choicepoint.com/news/2000election.html ChoicePoint Corrects EPIC Errors, Calls for Privacy Group to Join Discussion December 29, 2004 Mark Rotenberg President Electronic Privacy Information Center 1718 Connecticut Avenue, NW Suite 200 Washington, DC 20009 Dear Mr. Rotenberg: It was with great disappointment that I read EPIC’s latest attack on ChoicePoint in Mr. Hoofnagle’s letter to the Federal Trade Commission (FTC) dated December 16, 2004. ChoicePoint has consistently reached out to EPIC – and you personally – to discuss what we do and how we do it and, especially, our company’s compliance with the fair information practice principles, relevant privacy laws, and a variety of privacy regulations. EPIC, unlike other privacy and consumer advocacy organizations, has consistently refused these efforts at a constructive dialogue. The result is yet another inaccurate, misdirected, and misleading attack by EPIC. EPIC has filed this letter with the FTC, posted it on your web site, and circulated it in your recent EPIC Alert, all without contacting us. Frankly, it is hard to see Mr. Hoofnagle’s letter as an attempt to influence policy instead of a narrow attack vehicle. That said, it appears that there are two primary claims in the letter: * That ChoicePoint may be violating the FCRA by providing information held in FCRA-governed databases to government agencies, law enforcement agencies, and others for non-FCRA purposes; and * Even if ChoicePoint has not violated the FCRA, it is only because the FCRA is inappropriately narrow and constricted, which allows ChoicePoint to “artfully” avoid the FCRA. Both charges are baseless. ChoicePoint fully complies with the FCRA, including the new Fair and Accurate Credit Transactions Act (FACTA), where they apply to our products and services. This compliance has led ChoicePoint to take steps that others in our industry do not take. For example, ChoicePoint – apparently alone among information companies – has applied the new “603(w)” requirements in FACTA to our employment and tenant screening products. At real expense, we created a streamlined process to provide a free copy of these reports to consumers once a year upon their request. Where the FCRA does not govern our products and services, a host of other federal and state privacy laws and industry-initiated self-regulatory principles often do apply.1 Our Public Records Group2 provides consumers with access to some of the same reports about themselves that our customers receive. In addition, we provide consumers with a host of other “self-check” records and reports at our ChoiceTrust3 and KnowX4 web sites. We also provide consumers with information about the sources of our reports so they can go to the original source to correct errors. Correction at the source is vital because other information vendors may also collect and report the same records. However, if the error is our responsibility, we correct the error in our records. Mr. Hoofnagle’s charge that the FCRA is inappropriately narrow is simply a disagreement on the public policy choices made by Congress and state legislatures. As you know, Congress clearly intended to limit the scope of the FCRA to specific types of reports for specific transactions.5 It was not meant to be omnibus privacy legislation. Information used for investigative, law enforcement, or governmental purposes is not regulated in the same manner as is the information used to make decisions related to credit, insurance, or employment. The topic of the responsible use of information is a vital one to our society. Like ChoicePoint chairman and CEO Derek Smith, in his recently published book, Risk Revolution, we support a national debate on this very topic. We have met with many privacy and consumer advocacy groups on this topic because we believe that real improvements in both homeland security and the protection of personal privacy will only come through a constructive dialogue among the interested parties, including ChoicePoint and EPIC. The ideas outlined in Risk Revolution or discussed by these groups may or may not be enacted into public policy, but the debate is important to have. Finally, EPIC, relying on inaccurate information, reprises discredited charges linking ChoicePoint with the 2000 election in Florida as an example of a “pre-FCRA” era of “unaccountable data companies.” Simply put, ChoicePoint played no role in the Florida election in 2000. Database Technologies (DBT) performed the legally-mandated review of Florida’s voter rolls prior to our acquisition in 2000. The process, a part of which included DBT, was created by the Florida legislature and implemented by state election officials. DBT was hired to create an overly inclusive list of potential voter exceptions based on criteria established by the Secretary of State, which DBT told the state might create false positives. County election supervisors – not DBT – were solely responsible for verifying the eligibility to vote of any voter identified by DBT on the exceptions list. In particular, county election supervisors – not DBT – were solely responsible for the decision to remove any voter from the rolls. While we will discuss this matter with the FTC directly, we remain ready to meet with you and others on your staff to discuss your concerns about our company or our industry. Sincerely, Doug Curling cc: Federal Trade Commission _______________________ 1 The Gramm-Leach-Bliley Act (15 U.S.C. §§6801 – 6809), the Driver’s Privacy Protection Act (18 U.S.C. §2721 et seq.), various public records laws and court rules and procedures, and Direct Marketing Association guidelines apply to different products and services. 2 The Public Records Group provides AutoTrackXP and supports a substantial portion of our non-FCRA information product offerings. 3 http://www.choicetrust.com 4 http://www.knowx.com 5 The FCRA applies to information that relates to a consumer’s “credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living” only when that information is used or expected to be used as a factor in establishing the consumer’s eligibility for insurance, credit, employment, or other specific, enumerated purposes. (15 U.S.C. §1681a(d)) _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Mon Jan 10 2005 - 22:16:40 PST