ChoicePoint is in the news this week, because it "mistakenly" sold personal credit reports for about 145,000 Americans to criminals. (I like the word mistakenly - it leaves us wondering whether this was an error of intention or of execution. After all, if you get found out, it's always a mistake.)
Bruce Schneier (Feb 23) writes: "ChoicePoint's behavior is a textbook example of how to be a bad corporate citizen. The information leakage occurred in October, and it didn't tell any victims until February. First, ChoicePoint notified 30,000 Californians and said that it would not notify anyone who lived outside California (since the law didn't require it). Finally, after public outcry, it announced that it would notify everyone affected."
Interesting decision-making process here. Public trust in a company is critically affected by the way it deals or dithers with a crisis such as a product recall or website error. See my notes on Kodak, Sudan 1.
Adam Shostack (Feb 23) suggests we might expect shady behaviour from firms that don't expect to be around for very long. There is therefore a possible link between ethics and viability - poor viability leads to poor ethics. But what about the causal link the other way - what effect does bad corporate behaviour have on corporate (economic) viability?
Adam Shostack (Feb 24) also raises the question, "who notified whom? Reuters claims that the authorities notified Choicepoint, while Choicepoint claims they notified the authorities. Let's see...who has motive to lie?" Gary North posts one theory (Feb 19) "According to ChoicePoint, there was no announcement because law authorities prohibited it." to which IanG (Feb 19) replies "OK, so maybe they wanted to set up a sting. They're the good guys, and they're in control, right?"
Lots of information from EPIC and SourceWatch, and further links from Bruce and Adam.