Since the story broke last month that data-collating goliath ChoicePoint (NYSE:CPS) had let itself be duped into selling confidential, personally identifiable information on 145,000 Americans to a bunch of Nigerian con artists, Washington has not ceased rumbling. Congress is all aflutter about the need to protect individuals' data from hackers by regulating the businesses that collect data to ensure that they keep it secure and sell it only to reliable companies that make regular campaign contributions. (Or is that just my cynicism acting up on that last thing?)
ChoicePoint, for its part, made an admirable effort to head off regulation by doing the right thing before Congress told it to. The company agreed not only to send out notices to every person in the U.S. whose data the thieves might have compromised, but also to pay for credit monitoring services for each of these potential victims as well.
As expensive as that effort, and others announced by the company, might be, news out just last night suggests that it might already be too late to head off regulation. According to several news reports, Anglo-Dutch publishing house Reed Elsevier (NYSE:ENL) discovered a security breach of its own around the time that ChoicePoint was announcing its fiasco. In Reed's case, this wasn't an elaborate scheme to set up fake businesses and "legitimately" purchase personal data, however. Rather, Reed suffered the electronic equivalent of a smash-and-grab. Identity thieves somehow got hold of a legitimate identity and password, used them to swipe 32,000 customer profiles from Reed's newly acquired Seisint subsidiary, and then split. (You may recall we discussed this acquisition back in July, in the context of Reed's ongoing rivalry with Canada's Thomson (NYSE:TOC) to become the reigning information king of the world.)
You don't think that two high-profile data breaches will give Congress enough pretext to push through regulation of this industry? Well, then consider that one year ago, hackers broke into the credit card records of discount wholesaler BJ's (NYSE:BJ), causing the largest hacker-related reissuance of credit cards in history. Then in December, Bank of America (NYSE:BAC) "lost" a million customer records -- including data on many U.S. senators. And two days ago, word came that DSW Shoe Warehouse, a subsidiary of Retail Ventures (NYSE:RVI), had a breach involving data theft of credit card information on a still-unpublished number of victims spanning more than half its 175 stores.
Barring a miracle -- or a busload of lobbyists and two truckloads of money (yeah, same difference) -- regulation looks to be inevitable at this point. ChoicePoint's breach alone might not have tipped the scales, but if many other businesses are being ransacked as well, and most importantly, if the privacy of actual senators is now at risk, I think it's safe to say that regulation is on its way.
Fool contributor Rich Smith owns no shares in any company mentioned in this article.
