Excerpt from EPIC's letter to the FTC trying to compel the agency to
target ChoicePoint:
http://epic.org/privacy/choicepoint/fcraltr12.16.04.html
"ChoicePoint, one of the largest data aggregation companies, became
independent from Equifax, a leading U.S. credit rating agency, in 1997.
ChoicePoint has bought more than 40 companies and competitors, and
obtains 40,000 new public records daily for its database of more than 19
billion records. Choicepoint contracts with about 35 federal agencies to
supply data. The company's slogan is "Smarter Decisions. Safer World."
ChoicePoint's reply follows.
-Declan
---
http://www.choicepoint.com/news/2000election.html
ChoicePoint Corrects EPIC Errors, Calls for Privacy Group to Join Discussion
December 29, 2004
Mark Rotenberg
President
Electronic Privacy Information Center
1718 Connecticut Avenue, NW
Suite 200
Washington, DC 20009
Dear Mr. Rotenberg:
It was with great disappointment that I read EPIC’s latest attack on
ChoicePoint in Mr. Hoofnagle’s letter to the Federal Trade Commission
(FTC) dated December 16, 2004. ChoicePoint has consistently reached out
to EPIC – and you personally – to discuss what we do and how we do it
and, especially, our company’s compliance with the fair information
practice principles, relevant privacy laws, and a variety of privacy
regulations. EPIC, unlike other privacy and consumer advocacy
organizations, has consistently refused these efforts at a constructive
dialogue.
The result is yet another inaccurate, misdirected, and misleading attack
by EPIC. EPIC has filed this letter with the FTC, posted it on your web
site, and circulated it in your recent EPIC Alert, all without
contacting us. Frankly, it is hard to see Mr. Hoofnagle’s letter as an
attempt to influence policy instead of a narrow attack vehicle. That
said, it appears that there are two primary claims in the letter:
* That ChoicePoint may be violating the FCRA by providing
information held in FCRA-governed databases to government agencies, law
enforcement agencies, and others for non-FCRA purposes; and
* Even if ChoicePoint has not violated the FCRA, it is only because
the FCRA is inappropriately narrow and constricted, which allows
ChoicePoint to “artfully” avoid the FCRA.
Both charges are baseless.
ChoicePoint fully complies with the FCRA, including the new Fair and
Accurate Credit Transactions Act (FACTA), where they apply to our
products and services. This compliance has led ChoicePoint to take steps
that others in our industry do not take. For example, ChoicePoint –
apparently alone among information companies – has applied the new
“603(w)” requirements in FACTA to our employment and tenant screening
products. At real expense, we created a streamlined process to provide a
free copy of these reports to consumers once a year upon their request.
Where the FCRA does not govern our products and services, a host of
other federal and state privacy laws and industry-initiated
self-regulatory principles often do apply.1 Our Public Records Group2
provides consumers with access to some of the same reports about
themselves that our customers receive. In addition, we provide consumers
with a host of other “self-check” records and reports at our
ChoiceTrust3 and KnowX4 web sites.
We also provide consumers with information about the sources of our
reports so they can go to the original source to correct errors.
Correction at the source is vital because other information vendors may
also collect and report the same records. However, if the error is our
responsibility, we correct the error in our records.
Mr. Hoofnagle’s charge that the FCRA is inappropriately narrow is simply
a disagreement on the public policy choices made by Congress and state
legislatures. As you know, Congress clearly intended to limit the scope
of the FCRA to specific types of reports for specific transactions.5 It
was not meant to be omnibus privacy legislation. Information used for
investigative, law enforcement, or governmental purposes is not
regulated in the same manner as is the information used to make
decisions related to credit, insurance, or employment.
The topic of the responsible use of information is a vital one to our
society. Like ChoicePoint chairman and CEO Derek Smith, in his recently
published book, Risk Revolution, we support a national debate on this
very topic. We have met with many privacy and consumer advocacy groups
on this topic because we believe that real improvements in both homeland
security and the protection of personal privacy will only come through a
constructive dialogue among the interested parties, including
ChoicePoint and EPIC. The ideas outlined in Risk Revolution or discussed
by these groups may or may not be enacted into public policy, but the
debate is important to have.
Finally, EPIC, relying on inaccurate information, reprises discredited
charges linking ChoicePoint with the 2000 election in Florida as an
example of a “pre-FCRA” era of “unaccountable data companies.” Simply
put, ChoicePoint played no role in the Florida election in 2000.
Database Technologies (DBT) performed the legally-mandated review of
Florida’s voter rolls prior to our acquisition in 2000. The process, a
part of which included DBT, was created by the Florida legislature and
implemented by state election officials. DBT was hired to create an
overly inclusive list of potential voter exceptions based on criteria
established by the Secretary of State, which DBT told the state might
create false positives. County election supervisors – not DBT – were
solely responsible for verifying the eligibility to vote of any voter
identified by DBT on the exceptions list. In particular, county election
supervisors – not DBT – were solely responsible for the decision to
remove any voter from the rolls.
While we will discuss this matter with the FTC directly, we remain ready
to meet with you and others on your staff to discuss your concerns about
our company or our industry.
Sincerely,
Doug Curling
cc: Federal Trade Commission
_______________________
1 The Gramm-Leach-Bliley Act (15 U.S.C. §§6801 – 6809), the Driver’s
Privacy Protection Act (18 U.S.C. §2721 et seq.), various public records
laws and court rules and procedures, and Direct Marketing Association
guidelines apply to different products and services.
2 The Public Records Group provides AutoTrackXP and supports a
substantial portion of our non-FCRA information product offerings.
3 http://www.choicetrust.com
4 http://www.knowx.com
5 The FCRA applies to information that relates to a consumer’s “credit
worthiness, credit standing, credit capacity, character, general
reputation, personal characteristics, or mode of living” only when that
information is used or expected to be used as a factor in establishing
the consumer’s eligibility for insurance, credit, employment, or other
specific, enumerated purposes. (15 U.S.C. §1681a(d))
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Mon Jan 10 2005 - 22:16:40 PST