Impacts of ChoicePoints Negligence in Information Security - Case Study Example

ChoicePoint’s policies were proven to be insufficient and flawed in tackling fraud against the firm as the fraudsters were capable of evading being detected for a whole year. The simple mistakes by the company were the major causes of data breaches.

Question 2

            The pretexting attempt of the data breach impacted the business conducted by ChoicePoint negatively as the company was forced to disclose what had transpired and inform residents about their personal, informal being compromised. The federal-level charged the company with many negligence counts for failing to make use of realistic information security customs. At the same time, the Federal Trade Commission also charged the firm with the violation of giving credit reports to subscribers without permissible reasons to obtain them. The company saw a decline in income and an increase in expenses after the incident. At the same time, there were fines imposed on the firm by FTC fines (Otto, Anton & Baumer, 2007).  ChoicePoint’s paid a $10 million fine and $5 million to compensate their customers for the losses that stemmed from the information breach. Legal expenses amounting to $800,000 were incurred during the first quarter of the year 2006 related to the falsified data access. The company decided to restrict information product sales, which contained sensitive customer data.

Question 3

            The first governance step that ChoicePoint made was employing a chief privacy officer who reported directly to the board to govern privacy and public accountability. The briefings are done quarterly to ensure improvement of privacy and security with other detailed oversight roles. ChoicePoint has also come up with many divisions to tackle privacy and security from various angles like the corporate credentialing center. It is a conformity and privacy division, which also undertakes internal auditing (Conger, 2009). The second step is the distinct definition of the expected behavior and offers tools to employees to make compliance simple. ChoicePoint implemented various practices to scrutinize potentially fake customer behavior such as investigating firms, which abruptly increase their background checks. Thirdly, a firm needs to write data security breach response procedures, which indicate the person who is to be notified in circumstances of a privacy breach and what the firm needs to do for affected customers. The company was forced to implement changes to ensure that consumer reports were given to legitimate businesses only for legitimate purposes. A checkpoint established a security program with comprehensive information. The process was undertaken by obtaining audits from independent security professionals considered third parties. At the same time, the company hired a chief privacy officer to ensure comprehensive verification. ChoicePoint also stopped accepting faxed versions of business licenses. The company also increased its authentication procedures by creating customer identity with non-governmental and privately-held businesses undergoing re-credentialed to continue access to its databases (Conger, 2009). ChoicePoint also decided to correct several early mistakes, which had enabled the pretexting attempt by creating an independent office to deal with privacy matters. ChoicePoint employed outside help to assess its business as well as privacy practices by engaging in many audits to assess their data management practices.