A newly proposed Federal law, if enacted, will extract large fines from Credit Reporting Agencies that experience data breaches, and will also establish an Office of Cybersecurity at the Federal Trace Commission. The Data Breach Prevention and Compensation Act of 2019 will fine credit reporting agencies such as Equifax, Experian and TransUnion $100 for each consumer whose personal data is exposed during a breach.
The Fines for Breaches Aspect of The Data Breach Prevention and Compensation Act of 2019
Introduced by Senators Elizabeth Warren and Mark Warner, and Representatives Elijah Cummings and Raja Krishnamoorthi, it is estimated that if the law had been in place in 2017, when Equifax had their data breach of the personal information of 143million people, including names, social security numbers, and driver’s license numbers, the fine would have been, according to Warren’s office, nearly $1.5billion. (How that math works isn’t clear, as by our calculations 143million times 100 is $14.3billion, but…)
During a Senate Banking Committee hearing Senator Warren explained that “the only way credit reporting agencies are going to adequately invest in cybersecurity is if we make it too expensive to ignore.”
If this feels like deja vu all over again, it’s because this same bill was proposed last year, but got nowhere before the end of the session.
Creation of The Office of Cybersecurity at the FTC
The Data Breach Prevention and Compensation Act will also establish an Office of Cybersecurity at the Federal Trade Commission. The Cybersecurity Office’s role will be to “conduct regular inspections of the cyber practices at credit reporting agencies” specifically. The law will also enhance the commission’s enforcement options against credit reporting agencies, allowing the FTC to levy civil penalties against the agencies.
Warren and Warner also sent a letter to the FTC regarding their newly released, and related, Breach of Trust report, which points out that the number of complaints to the Consumer Financial Protection Bureau (CFPB) regarding breaches of personal information following the Equifax breach not only didn’t diminish, as one might have hoped had these agencies taken measures to tighten their cybersecurity, but actually increased substantially.
Of course, some of this may be attributable to consumers being more aware of both breaches and of reporting them, however Warren and Warner explain that “Our new report reveals that consumers continue to file complaints with the CFPB about Equifax at a higher rate than before the breach, and that overall, consumers have filed more than 52,000 complaints since Equifax announced the breach. Our staffs analysis of the CFPB complaint database reveals that consumers continue to report incorrect information on their credit reports and continue to bear the brunt of Equifax’s inadequate response to the breach.”
Excerpt from Sens. Warren and Warner’s Letter to the Federal Trade Commission Regarding the CFPB Report
We write today to bring your attention to our new report on consumer complaints related to the 2017 Equifax data breach and to urge the Federal Trade Commission (FTC) to take immediate action to hold Equifax accountable for its failure to safeguard the personal information of millions of Americans.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Credit reporting agencies collect mountains of sensitive data about individuals to compile credit reports, which determine consumers’ ability to access credit, obtain jobs, secure home loans, purchase cars, and make dozens of other transactions. The Equifax breach, where hackers gained access to this treasure trove of data, placed the financial security of millions of Americans in jeopardy. Equifax’s initial response complicated consumers’ efforts to protect their identities and credit. The Consumer Financial Protection Bureau (CFPB) and the FTC have jurisdiction over credit reporting agencies like Equifax—and consumers can file complaints with the CFPB to report concerns with the company.
You can read the full text of the Warren/Warner Breach of Trust report here
You can read the full text of Sens. Warren and Warner’s letter to the FTC here