Personal Privacy and Commercial Databases

First ChoicePoint and now Westlaw. Both are in hot water because of news because of real and potential security breaches. Both companies keep large databases of private records such as Social Security numbers, bank account numbers and residential addresses. This is not the first time ChoicePoint has made the headlines. In 2003, they were slammed for putting profit margins over ethics by selling voter registration information (registration required) on 65 million Mexican citizens to the US Government.

I once was given a demonstration of the ChoicePoint database and was amazed at the information within. They have two levels of access, one for businesses and another for licensed law enforcement officers. Needless to say, in order to demonstrate the system I was given a tour of both levels of access. Just to make sure no privacy rules were broken, we kept the browsing to my own profile but as I walked away from the booth I couldn’t help but think that that, as far as I could tell, the sales rep didn’t have law enforcement clearance.

So here’s the rub. How do you demonstrate a highly secure database that’s only supposed to have limited access. Commercial pressures are always going to drive you to bend the roles a bit, especially as you get towards the end of a quarter when sales goals need to be met.

Steve Goldstein, CEO of Alacra, just is thankful that his company isn’t in this kind of database business.

Update: ChoicePoint gets sued by California woman for fraud and negligence. [Wired]

Leave a comment