Proposed law would impose huge fines for credit reporting agency data breaches


Sens. (D-Mass.) and (D-Va.) Wednesday focused on boosting cybersecurity infrastructure at companies like Equifax by holding them accountable for data breaches.

The bill would give the Federal Trade Commission more authority over data security at all credit reporting agencies, impose mandatory penalties upon credit reporting agencies who fail to protect consumer data, and provide compensation to consumers for data stolen in a security breach.

The bill calls for the establishment of an FTC cybersecurity office that would annually inspect and supervise CRAs' cybersecurity practices.

The bill would fine a company $100 for each consumer that had a piece of personal information compromised in a data breach, with an additional $50 for each additional piece of data put at risk for each consumer. "The penalties would double in cases where the credit reporting firm did not comply with federal data security standards or failed to notify officials of the breach in a timely manner".

Justin Brookman, director of consumer privacy and technology policy for Consumers Union, said,"Credit reporting agencies are a one-stop shop for hackers seeking to profit off our most sensitive and personal data".

Equifax would have had to pay approximately $1.5 billion in penalties under the bill.

The Data Breach Prevention and Compensation Act is created to make the big CRAs more accountable, following a damaging breach at Equifax a year ago which affected 145.5m Americans and 700,000 Brits.

Not only that, but this bill would actually be putting money back into the pockets of consumers. Warner. "This bill will ensure that companies like Equifax - which gather vast amounts of information on American consumers, often without their knowledge - are taking appropriate steps to secure data that's central to Americans' identity management and access to credit". "It also imposes real and meaningful penalties when credit bureaus, entrusted with our most sensitive financial information, break that trust", said National Consumer Law Center staff attorney, Chi Chi Wu.

Specifically, credit reporting agencies would. He slammed the credit bureau for its cybersecurity failures and weak response at a Banking Committee hearing with Securities and Exchange Commission (SEC) Chairman Jay Clayton past year. In the wake of the Equifax breach, it is clear that our data protection laws are woefully outdated and inadequate - and consumers deserve better.