ATLANTA - ChoicePoint Inc. has agreed to implement more safeguards as part of a settlement with 43 states and the District of Columbia over allegations it failed to adequately secure consumers' personal information related to a breach of its database it disclosed in 2005.
The Alpharetta-based consumer data provider has agreed to adopt significantly stronger security measures, according to the settlement announced Thursday. Among them are written certification for access to consumer reports and, in some cases, onsite visits by ChoicePoint to ensure the legitimacy of companies before they are allowed access to personally identifiable information.
The breach involved thieves posing as small business customers who gained access to ChoicePoint's database, possibly compromising the personal information of 163,000 people, according to the Federal Trade Commission.
ChoicePoint will now conduct periodic audits to ensure that companies are using consumer data for legitimate purposes.
There is no fine or penalty, though ChoicePoint will pay $500,000 for the states to share. ChoicePoint said the money is for programs like state public education campaigns about identity theft. But Connecticut, for one, said its share - $5,500 - will go into the state's general fund.
''This step marks a historic first - the first time a data broker has agreed to safeguard certain sensitive publicly available information, including Social Security numbers, using the same credentialing methods as it uses to safeguard private financial information that is protected by law,'' Connecticut Attorney General Richard Blumenthal said in a statement.
The company admitted no wrongdoing in the settlement, ChoicePoint spokesman Matt Furman said. Seven states, including Georgia, are not part of the settlement, ChoicePoint said. The other states not involved in the settlement are Kansas, New Hampshire, Rhode Island, South Carolina, Utah and Wyoming.
''The changes we are making as a result of our conversations with the states are clearly good for our business and, we expect, will ultimately be where the entire industry finds itself,'' Furman said in a statement. ''In fact, we will be watching with interest as the attorneys general expand their focus on these critical issues across every sector of our economy.''
In January 2006, ChoicePoint agreed to pay $15 million to settle FTC charges that the data warehouser's security and record-handling procedures violated consumers' privacy rights when thieves infiltrated the company's massive database.
The FTC fined the company $10 million - the biggest fine the agency had ever imposed - and said that ChoicePoint would pay an additional $5 million to compensate consumers.
The federal government is among ChoicePoint's biggest customers.
Georgia, ChoicePoint's home state, did not join the settlement with the states announced Thursday because it had worked with ChoicePoint individually and had been told that the company was implementing safeguards to ensure consumers were protected, said Russ Willard, a spokesman for state Attorney General Thurbert Baker.
That assurance, in addition to what ChoicePoint agreed to do in the FTC settlement, satisfied Georgia, Willard said.
Since the breach, the company has worked to reassure investors and the public. Among other things, it hired Carol A. DiBattiste, former deputy administrator of the Transportation Security Administration, as the company's chief credentialing, compliance and privacy officer. She later added general counsel to her job title.