Atlanta-based ChoicePoint, Inc. weathered a considerable storm in the aftermath of allegations that the company was duped into sharing the personally identifiable information of more than 145,000 Americans with criminals in early October. The resulting public fury led to at least six Congressional inquiries into ChoicePoint and industry standards for handling and sharing this sensitive data. The picture emerging from these investigations is one of industry-wide leaks, security failures and mishandling of private information. In other words, ChoicePoint was just the first of many stories to break.
Shortly after the ChoicePoint case gained public attention, similar charges were leveled against numerous companies, including: Ameritrade, which lost computer back-up tapes with more than 200,000 client accounts; DSW, which lost 1.4 million customer credit card numbers at the hands of computer hackers; and Bank of America, which lost tapes holding the account information of more than a million federal government employees.
And these are just some of the stories that gained notoriety since ChoicePoint admitted in February that it allowed unauthorized access to some of its records. What's interesting is that consumer-privacy watchdog groups say that the recent media attention on the topic doesn't signal an uptick in security failures. Instead, there appears to be an increase in disclosure, which was precipitated by the same California law that required ChoicePoint to contact individuals whose personal information might have been compromised. The law requires data-holding/processing organizations - everything from universities and banks, to data aggregators like ChoicePoint - to notify California residents if their personally identifiable information - Social Security number, driver's license, etc. - was compromised.
So is this a recent phenomenon? In short - no.
By way of example, the University of California and California State University campuses alone experienced at least seven breaches, according to the state Office of Privacy Protection. And you'll probably recall that the University System of Georgia threatened the privacy of thousands of its Hope Scholarship recipients when it erroneously shared their personal information a few years ago.
But the recent coverage of these breaches cuts both ways. The downside is that there is elevated public fear over the loss of personally identifiable information at the hands of all entities that manage that type of data. And in turn, public concern can lead to knee-jerk legislative reactions. The positive side is that the increased scrutiny is forcing companies to be more forthright with their practices and concerns, which is a central goal of TPAtlanta - increasing the idea sharing and best practices among TP companies in Atlanta.
What's the latest?
The Congressional hearings taking place in Washington are weaving their way through a series of dates to end points that are yet to be determined. Some experts believe legislation is likely, but what it will ultimately look like remains to be seen. Executives from LexisNexis and ChoicePoint recently traveled to The Hill to express their ideas about the specifics any proposed legislation should cover and include.
Both Kurt Sanford, president and chief executive of LexisNexis, and Douglas Curling, president and chief operating officer of Alpharetta-based ChoicePoint, expressed support for legislative efforts to regulate their booming industry. Specifically, they both supported requirements for data brokers to notify consumers when the company's security had been breached; and both endorsed recommendations for the creation of an identity theft office for consumer complaints at the Federal Trade Commission.
ChoicePoint also recommended putting a bit more control in the hands of consumers by allowing greater access to their personal information. Specifically, Curling recommended that consumers be allowed to verify and question the accuracy of information held on file by data brokers. But Curling didn't want Congress to provide legislative oversight to data brokers only. He stressed the necessity of holding other institutions - academic facilities, companies in all sectors and other data managers - accountable to the same standards of care.
Congress will ultimately have the final say in what any resulting legislation requires of data management and processing companies. But one thing is clear - these security breaches aren't new, and all organizations are at risk, which reinforces the necessity of cooperation among TP organizations to ensure the development of best practices that will lead to a more efficient, secure and successful industry.