Pressure on ChoicePoint and other data brokers mounted Thursday as members of Congress called for investigations and new legislation to better regulate the industry. The intense scrutiny comes in response to last week's revelations that 145,000 U.S. citizens are at risk of identity theft after criminals stole a host of personal information from the database giant.
Separately, reports surfaced that two ChoicePoint executives sold $21 million worth of stock beginning in November, just days after the first arrest in the ChoicePoint case last October. ChoicePoint CEO Derek Smith told the Atlanta-Journal Consitution that the sales were planned -- and the required papers filed with the Securities and Exchange Commission -- well before the extent of the break-in was known.
According to a Nov. 3 company press release, Smith filed plans to sell 11 percent of his stake in the firm last fall. Authorities arrested Olatunji Oluwatosin on Oct. 27 in connection with the data theft.
The sales began Nov. 9, according to SEC filings, with Smith selling 21,140 shares each week thereafter. Each sale netted Smith between $856,00 and $929,000. President Douglas Curling sold shares on a similar schedule, netting between $335,000 and $365,000 each week.
The firm didn't immediately respond to MSNBC.com requests for comment on the stock purchase. The Atlanta Journal-Constitution quoted ChoicePoint spokesman James Lee as saying the the stock sale had been approved by ChoicePoint's board on Oct. 26, before Oluwatosin's arrest.
"If you are trying to make the case that this is somehow insider trading, you are going down the wrong road," the report quoted Lee as saying. There were no trades by Smith of Curling filed with the SEC during the previous eight months.
Congresssional hearings planned
News of the stock sales contributed to the already intense scrutiny ChoicePoint is facing. On Thursday, Senate Judiciary Chairman Arlen Specter announced that his committee would hold hearings into identity theft and data brokers in the wake of last week's revelations.
“I got a letter from Senator Leahy yesterday on the identity theft issue and I immediately said we can hold a hearing,” Specter, R-Pa., told reporters. No date has been set for the hearing.
Another senator plans to introduce legislation soon that would give the Federal Trade Commission jurisdiction over data brokers like ChoicePoint. The measure proposed by Sen. Bill Nelson, D-Fla., would extend the provisions of the Fair Credit Reporting Act and its recent update to govern commercial data brokers, according to Nelson aide Dan McGloughlin.
Such a law would give consumers broad new protections. U.S. residents would be entitled to review data stored on ChoicePoint computers once annually for free, and have the ability to correct errors. Consumers would also be able to see a list of companies that have requested a peek at their personal information.
"The senator feels strongly that if something isn't done to reign in and bring these businesses under a regulatory agency, then Americans can kiss their privacy goodbye," said McGloughlin.
Nelson's bill would join a series of related bills that have already been introduced by Sen. Dianne Feinstein, D-Calif. One would give residents nationwide a right to know if their personal information has been stolen by a data thief and used to commit a crime. A similar law in California led to the initial disclosure of the ChoicePoint data theft. Currently, California is the only state with such a disclosure law.
GAO to be asked to look into terror risks
MSNBC.com has also learned that Nelson and House member John Conyers, D-Mich., plan to call for a General Accounting Office investigation of government contracts with commercial data brokers. A person familiar with the request said the investigation will look into the use of firms like ChoicePoint by U.S. intelligence agencies, including the CIA and the FBI. The request will also ask investigators to determine if such databases are vulnerable to misuse by terrorists.
Meanwhile, legal troubles mount for Atlanta-based ChoicePoint. A California resident named Eileen Goldberg, who claims her information was exposed in the privacy breach, has sued the firm and is seeking class action status for her case.
And the larger story of identity theft continues to attract attention from lawmakers. At a news conference Thursday, Sen. Charles Schumer, D-N.Y., blasted the Westlaw legal information service for making Social Security numbers available to some paid customers. His office said he would introduce legislation soon to bar the practice.
Westlaw responded by saying the service is available to very few customers, mostly government agencies with regulatory responsibilities.
"The information the senator is concerned with is not available to the general public," the firm said in a statement.
ChoicePoint issued a statement Thursday supporting legislation designed to protect consumers. The firm said it would back independent oversight of its industry, stiffer criminal penalties, and disclosure laws.
"ChoicePoint is also renewing its call for a national discussion -- involving legislators, regulators, privacy advocates and the information industry -- on how to ensure that information is used responsibly, that the positive benefits of information use are preserved and that the illegal uses of data are severely punished," the firm said.
Only a first step
But legislation proposed so far is only a tepid first step towards a solution, warned George Washington University professor Daniel Solove, author of a new book on the data brokerage industry, The Digital Person.
"(The proposed legislation) is better than nothing, but it still needs to go further. There are a lot of unaddressed questions," he said.
Giving consumers access to their records at each company is meaningless if people don't know which companies to ask, Solove said.
"(The legislation) doesn't really address issues such as, how are people to know who these companies are? Many people hadn't heard of ChoicePoint," he said. "And it's not just ChoicePoint. There are hundreds of data brokers. If you don't know who the companies, are what good is a right of access?
Number of victims still unclear
Meanwhile, investigators in Los Angeles have reduced earlier estimates of the number of victims who might have been exposed by the crime. Published reports last week suggested Los Angeles law enforcement officials believed 400,000 or more people may have been victimized by the data leak -- and there were hints at a far larger number of victims. But on Thursday law enforcement officials said it's too early to tell just how many victims will ultimately turn up.
"Without going through the investigative process, there's no way of knowing how far-reaching it will be," said Lt. Robert Costa of the Southern California High-Tech Task Force.
A report in the Atlanta-Journal Constitution on Thursday said that Detective Duane Decker of the Los Angeles County Sheriff's Department testified in a December court hearing that ChoicePoint representatives told him "something like 4 million people have been exposed" in the data leak incident. But officials from the sheriff's department told NBC News on Thursday that many of those records were duplicates, and the company's assertion that there were only 145,000 people exposed nationwide is the best current estimate of the number of victims.
Bob Sullivan is the author of Your Evil Twin: Behind the Identity Theft Epidemic