Understanding Regulatory and Court Orders (ChoicePoint 2006)¶
Table of contents¶
- 1. FTC Complaint and Allegations
- 2. Stipulated Final Judgment and Order
- 3. Consolidated view: requirements by source
Purpose¶
Provide a regulator- and audit-ready interpretation of the ChoicePoint FTC matter, including allegations, binding settlement obligations, and implementation implications for security and compliance teams.
1. FTC Complaint and Allegations¶
Official document¶
- FTC case page: ChoicePoint, Inc. matter
What the complaint focuses on¶
- Weak customer/applicant credentialing and verification controls.
- Inadequate safeguards to prevent unauthorized access to consumer records.
- Monitoring and governance weaknesses affecting timely prevention/detection.
2. Stipulated Final Judgment and Order¶
Official document¶
- FTC settlement announcement: ChoicePoint settles data security breach charges
What the order requires¶
- Comprehensive information security program with accountable ownership.
- Strengthened verification, access, and monitoring controls.
- Independent assessments and remediation tracking.
- Recordkeeping and reporting to support compliance oversight.
3. Consolidated view: requirements by source¶
| Requirement domain | Complaint | Settlement order | Implementation implication |
|---|---|---|---|
| Verification and access controls | ✓ | ✓ | Strengthen onboarding and least-privilege controls |
| Monitoring and response | ✓ | ✓ | Implement anomaly detection and escalation runbooks |
| Governance and accountability | ✓ | ✓ | Define owners, cadence, and evidence retention |
| Independent testing | - | ✓ | Run periodic independent assessments |
| Consumer redress and transparency | - | ✓ | Support required notification/remediation processes |
Document-type guide: Regulatory Security Explanation
Writing tips: Writing best practices — Regulatory Security Explanation