Analysis of Choicepoint

ChoicePoint

ChoicePoint was one of three major players within the U.S. Personal Data Industry. Despite the usefulness of the services provided by the industry, it was greatly criticized by privacy advocates and other related groups. These concerns were reflected in the fact that ChoicePoint recently experienced a major breach in security, and had exposed thousands of individuals to potential identity theft. For Derek Smith- ChoicePoint CEO and “advocate of using information technology to combat fraud, crime, and terrorism”- this was a nightmare turning into reality.

The key challenge for the CEO of ChoicePoint was twofold. “Smith needed a plan to strengthen data protection within the company and a clear position on data-protection regulation….” The management team at ChoicePoint had begun reviewing potential changes to the organization’s business model after this security breach; moreover, these plans reflected Smith’s belief that “technology was the answer.” A key implication of this case was that ChoicePoint’s management team had incorrectly defined their “role in information security in a cyber economy.” I believe that ChoicePoint will inevitably continue to experience these problems unless Derek Smith and his management team realize that “security is not a technical issue, it is a management issue.’’

My recommendation to Derek Smith is to take an “end-to-end view of business processes” that goes beyond the “technological viewpoint” he currently has for the business. He must embrace a more comprehensive viewpoint of data security in his organization, and I believe the balanced scorecard approach provides an effective framework for him to work with.

In the article, “Management’s Role in Information Security in a Cyber Economy,” the authors portray the following core message, which I believe will help Derek Smith understand the problems he is facing: “Good Security in an organization starts at the top, not with firewalls, shielded cables, or...