"Let me begin by offering an apology on behalf of our company, and my own personal apology, to those consumers whose information may have been accessed by the criminals whose fraudulent activity ChoicePoint failed to prevent," he told a House Energy and Commerce subcommittee Tuesday.
Smith said the data broker has taken a number of steps to improve security of consumer information, including boosting its customer credentialing process, re-credentialing current customers, and altering the services it provides to customers.
The company said previously that it will no longer provide sensitive consumer data except in consumer transactions and to support government or law enforcement efforts.
"The security breach that ChoicePoint discovered last fall in California has caused us to go through some serious soul-searching at ChoicePoint," Smith said. "In retrospect, the company should have acted more quickly."
Since the ChoicePoint breach, which was the first in a recent spate of high-profile security breaches involving sensitive consumer data, members of Congress have made various proposals, including tighter restrictions on the data broker industry, restricting the sale of Social Security numbers, and requiring notification of consumers if their personal data is exposed.
At the hearing, Kurt Stanford, president and CEO of LexisNexis corporate and federal markets, said the company supports a national notification law. Earlier this month, LexisNexis disclosed that intruders accessed personal data of 32,000 Americans in one of its databases. (As reported in SC Magazine here.)
Any legislation that is considered, he said, must ensure that legitimate businesses, government agencies and others continue to have access to identity information they require for efforts such as fraud detection.
"Legislation must strike a balance between protecting privacy and ensuring continued access to critically important information that is provided through information service providers," Stanford said.