Personal data breaches have become epidemic in the U.S. where innocent citizens sensitive information is being left unprotected and subsequently disseminated between hackers. ChoicePoint is an organization that is a premier data broker and credentialing service in the industry. The company was guilty of failing to fulfil their own policy of thoroughly evaluating prospective customer organizations which resulted in a major breach. The source of this failure will be evaluated as well as possible solutions. The punishment and repercussions will be evaluated for appropriateness and the reactions of the organization will be scrutinized for potential effectiveness.
The root…show more content… In terms of data handling services ChoicePoint could have utilized many tactics to minimize the possibility and the damage of a data breach. Some examples include: discarding un-needed personal data, shredding paper/destroying hard disks that contain sensitive material, implanting dummy data to help detect a breach, limiting access to pre-selected personnel, auditing employee access and behaviors, disallowing transport of data off-site, monitoring and reviewing data sharing with customers/ partners/suppliers, and of course the thorough background checks. Many of these measures aside from strengthening the protection against compromise would also deter hackers. The most likely company to be targeted is the company that appears to have the least protection (Phua, 2009). The fines incurred by ChoicePoint as a result of their failure to adequately secure the data they sold amassed more than $55 million. To better measure the significance of these fines and the other costs associated with the breach it is helpful to consider the acquisition of the company by Reed Elsevier following the breach in 2008. “The cash transaction was valued at $3.6 billion (pp. 679, Culnan, & Williams, 2009).” This illustrates that the costs may have been far less harmful than many would anticipate. The fact remains that the costs were an exorbitant amount and companies cannot possibly prepare for that significant of a loss. This inability to prepare or tolerate such a significant a