March 21, 2006
GTISC Industry Leaders Lecture
Centergy One Building
Carol DiBattiste, Chief Credentialing, Compliance and Privacy Officer, ChoicePoint
11:30 am -- Lunch
DiBattiste Question & Answer
1. You joined ChoicePoint at a difficult time after the data theft incidents became public. What were your biggest challenges and goals in your first year with the company?
ChoicePoint is a fantastic company and the main reason I joined is because of what the company does in making a difference for society -- mitigating economic and physical risk and reducing fraud for businesses, non-profits, and governments. I also joined because of the challenges facing the company and I wanted to be a part of meeting those challenges head on. The third reason I joined was because of the great people at ChoicePoint who are committed to the mission and protecting consumer's privacy and security. My biggest challenge by far was to learn the wide range of products and services that ChoicePoint delivers to its many customers. The first year has been very challenging, exciting and rewarding as we have enhanced already existing privacy and security policies and procedures, our audit and compliance programs, and our education and outreach to ChoicePoint associates, customers, industry, associations, the privacy community, and consumers.
2. What are the major lessons learned from the process of implementing new privacy security measures at ChoicePoint?
I would say to properly and effectively communicate the new privacy and security measures both internally and externally, as appropriate. Also, education and training is key to successful implementation, as well as auditing and compliance.
3. Often people think that technology will cure information security problems when in reality so many breaches could be prevented by relatively simple steps. What do companies and other organizations need to keep in mind as they develop policies and procedures within their organizations to safeguard their sensitive data, personnel records, etc.?
Companies need to be constantly thinking about how to better safeguard their sensitive personal data - knowing their customers are legitimate and using the data for permissible purposes, knowing their employees are accessing and using the data permissibly and responsibly, and knowing what the identity thieves and fraudsters are after and staying one step ahead of them.
4. We are also interested in your views on how universities and centers like GTISC can work with companies like ChoicePoint to address the challenges. In our user-centric security work, one challenge is to understand not only user expectations but what ordinary users can do to safeguard their sensitive information.
We can work together at events like this and share our ideas on protection of sensitive information, risk mitigation and how to protect against identity theft.
5. What are your views on the shared responsibility between users and companies like ChoicePoint and how we understand and communicate it?
Everyone is responsible for data protection and consumer privacy and everyone has an important role. We at ChoicePoint take our responsibility very seriously and work very hard every day to ensure that our customers and consumers know of our commitment to privacy and security and what we are doing to reinforce the responsible use of information.