September 21, 2006 - NEARLY 8 MONTHS AFTER SETTLEMENT OF MASSIVE CHOICEPOINT DATA BREACH, NO FUNDS HAVE BEEN DISPERSED TO THE VICTIMS OF IDENTITY THEFT

Washington, DC -- Today Rep. Edward Markey (D-MA), the top Democrat on the House Telecommunications and Internet Subcommittee and a senior member of the full Energy and Commerce Committee, released a letter to Federal Trade Commission (FTC) Chairman Deborah Platt Majoras urging her to explain a press report that the FTC has not yet compensated identity theft victims over eight months after a settlement was reached with ChoicePoint following a massive data breach.  The report by the Associated Press yesterday indicates that the FTC has not yet developed the procedures to distribute $5 million in settlement funds to almost 1,000 known ID theft victims after the massive ChoicePoint data breach.  Rep. Markey, co-Chairman of the Congressional Privacy Caucus, has offered a number of measures to protect Americans’ privacy, including a bill to protect Social Security numbers and increase penalties for organizations that do not take steps to secure individuals’ health, financial and Internet privacy.

Rep. Markey said, "Over 18 months after the massive ChoicePoint data breach, it is shocking that the FTC has not yet compensated the victims of this fraud and that the Republicans in Congress have not made progress on Federal legislation to prevent such thefts from occurring in the first place.  ChoicePoint’s ID theft victims should be compensated immediately to protect themselves and their families from having their Social Security numbers, health records and bank account balances used by identity thieves.”

Below is Rep. Markey’s letter to Chairman Majoras:

Hon. Deborah Platt Majoras
Chairman, Federal Trade Commission
600 Pennsylvania Ave., NW
Washington, DC  20580

Dear Chairman Majoras:

            I am writing to express my concern about a recent Associated Press report indicating that the Commission has not compensated victims of the ChoicePoint data breach, despite the creation of a $5 million fund as part of the Commission’s settlement with the company almost eight months ago. (“AP Exclusive: FTC hasn't paid any money from victims' fund”, September 20, 2006.)  I would appreciate the Commission’s response to the questions that follow.

1.      According to the AP report, the Commission has not yet developed the policies and procedures for distribution of the funds, nor has the Commission hired the individual(s) needed to administer the fund.  Is this accurate?  If no, what progress has the Commission made to establish the needed administrative capacity to distribute funds to the victims?  If yes, why has the Commission not performed these basic functions months after the settlement with ChoicePoint?

2.      The AP report includes information that indicates the Commission has identified 800 victims, but still has not compensated these victims from the ChoicePoint settlement funds.  Is this accurate?  If yes, why has the Commission chosen not to compensate these individuals now, while at the same time continuing to work to identify additional victims?

3.      In the past, has the Commission, as part of a settlement agreement with a regulated entity, established a fund that was used to compensate individuals victimized by the entity?  If yes, please list:
a.      each case brought against an entity that resulted in such a settlement fund within the past 2 years;
b.      the amount of the settlement fund;
c.       the number of victims compensated; and
d.      the date the fund was established, the date the first victim was compensated, and the date the last victim was compensated

Thank you for your prompt attention to this matter.

Sincerely,

Edward Markey  

Rep. Markey introduced three bills in the 109th Congress to protect consumers from identity theft:

H.R. 1078: The Social Security Number Protection Act is aimed at protecting consumers from the abuse of the purchase and sale of social security numbers by:
· Making it crime for a person to sell or purchase Social Security numbers.
· Providing the FTC with rulemaking authority to restrict the sale of Social Security numbers,
determine appropriate exemptions, and to enforce civil compliance with the bill’s restrictions.
· Authorizing the states to enforce compliance, and provide for appropriate penalties.

H.R. 1080: The Information Protection and Security Act would give the Federal Trade Commission (FTC) power to oversee previously unfettered information brokers the same way it governs credit bureaus that handle private financial information. Currently, unregulated data brokers are able to sell files containing Social Security numbers, credit reports and other personal data by:
· Subjecting information brokers like ChoicePoint to federal regulation by the Federal Trade
Commission, and specifically, requiring such brokers to comply with a set of new fair information
practice rules that the FTC would be required to issue within 6 months of enactment.
· Mandating that the FTC rules require information brokers to better secure the information in their
possession, grant consumers the right to obtain access to and correct information held by the
broker, require information brokers to protect information from unauthorized users, and prohibit
users of an information broker to obtain the information for impermissible or unlawful purposes.
· Creating regulations that are enforceable through the FTC, which would be empowered to bring
civil actions to punish and fine violators;

H.R. 1653: The Safeguarding Americans from Exporting Identification Data (SAFE ID) Act would prohibit companies from transferring personal information to any person outside the United States without notice and consent by:
· Requiring notice to a consumer from any business enterprise that wishes to transfer to a foreign
country that consumer’s personally identifiable information, such as the citizen’s name, address,
financial information, medical records;
· Requiring the Federal Trade Commission (“FTC”) to determine whether the privacy protections of
a country to which data is outsourced are, or are not, “adequate and enforceable;”
· Giving consumers the option to “opt out” of information transfers to countries with “adequate and
enforceable” privacy protections, such as the European Union (EU);
· Barring companies from refusing to provide goods or services to consumers who elect to exercise
their “opt out” or “opt in” consent rights, or from charging consumers more if they chose to
exercise such rights;
· Providing for enforcement of the bill’s restrictions by the FTC by defining violations of the bill as
a violation of the Federal Trade Commission Act’s prohibition on unfair and deceptive acts or
practices, thereby allowing the FTC to seek injunctions against violators and to impose financial
penalties of up to $11,000 per violation, for countries with “inadequate or unenforceable” privacy
protections;
· Providing for additional civil remedies against violations, including authorization to the state
attorney’s general to bring civil actions to enjoin violations and impose monetary penalties of
actual monetary losses or up to $10,000 per violation, whichever is greater; and
· Providing a citizen whose privacy rights are violated with a private right of action to sue a
business who has violated the act for actual monetary damages or up to $10,000 per violation,
whichever is greater.

For more on Rep. Markey’s privacy, consumer, and security work, please visit http://markey.house.gov.

FOR IMMEDIATE RELEASE
September 21, 2006

CONTACT: Israel Klein
202.812.8193