Back in 2005, headlines around the country trumpeted the news that private information on 163,000 people had been stolen from Choicepoint, a data services company. Consumer concerns bout identity theft spiked and Choicepoint was held up as an example of everything that was wrong with data security. That was then.

Today, the company has become what one expert from Gartner called “a role model for data security and privacy practices.” Earlier this year, Daniel Lemecha, ChoicePoint’s chief information officer and senior vice president spoke at the 2007 IDC IT Forum & Expo in Boston about what Choicepoint learned from its experience.

Lemecha’s speech isn’t available online, but he made several recommendations about data security that are valid for you, even if you’re not large data services company. Here they are.

“Clearly define expected behavior and provide tools to simplify compliance for employees.”

Make sure you tell people who handle sensitive information for you what they’re expected to do. Check regularly to see that they’re doing it.

“Create data breach response policies and procedures: Who should be contacted in the event of a breach, and what should the company do for affected customers?”

I’d add one more thing. Develop some standards for when an employee should bring a possible problem to your attention. Make it easy for the people who handle sensitive information to become part of the solution.

“Determine the credentials of those you work with and those who work for you.”

Lemecha advised background checks for employees on a regular, ongoing basis, rather than just at the point of hire. I’d add that you should write into your contracts for folks with access to sensitive information that you will perform routine background checks on them.

Choicepoint has made an amazing turnaround, from poster child for reckless handling of sensitive information to role model for good behavior. Thanks to the lessons they learned, you can do better.

By Published on: November 17th, 2007Categories: Privacy0 Comments on Lessons from Choicepoint

Add a comment