Dems propose fining credit agencies for data breaches

Dems propose fining credit agencies for data breaches
© Stefani Reynolds

Congressional Democrats on Tuesday reintroduced legislation which would impose fines on credit reporting agencies for compromising customer data, a response to the massive Equifax breach.

The Data Breach Prevention and Compensation Act, unveiled ahead of a Senate Banking Committee hearing on data privacy, would require credit reporting agencies to pay $100 for each consumer whose personal data is compromised in a breach.

The bill was offered by Sens. Elizabeth WarrenElizabeth WarrenPelosi disputes Biden's power to forgive student loans Warren hits the airwaves for Newsom ahead of recall election Human rights can't be a sacrificial lamb for climate action MORE (D-Mass.) and Mark WarnerMark Robert WarnerDemocrats join GOP in pressuring Biden over China, virus origins Senators say they have deal on 'major issues' in infrastructure talks On The Money: Senate infrastructure talks on shaky grounds | Trump tells Republicans to walk away | GOP sees debt ceiling as its leverage against Biden MORE (D-Va.) in the upper chamber, and House Oversight and Reform Committee Chairman Elijah CummingsElijah Eugene CummingsFormer Cummings staffer unveils congressional bid McCarthy, GOP face a delicate dance on Jan. 6 committee Five big questions about the Jan. 6 select committee MORE (D-Md.) and Rep. Raja Krishnamoorthi (D-Ill.) in the lower.

Warren's office estimated that if the bill was in place in 2017, credit reporting company Equifax would have been required to pay at least a $1.5 billion penalty.

ADVERTISEMENT

The bill, which did not see action in the last Congress, would establish an Office of Cybersecurity at the Federal Trade Commission (FTC) to conduct regular inspections of the cyber practices at credit reporting agencies. It would also enhance the FTC's enforcement capabilities against credit reporting agencies by giving the agency civil penalty authority under the Gramm-Leach-Bliley Act, a law that requires financial institutions to explain how they share and protect customer data.

The Democrats behind the bill also unveiled a new report which found that consumers have made over 52,000 complaints with the Consumer Financial Protection Bureau (CFPB) since the Equifax breach. The report found that the number of complaints filed against Equifax in the months after the breach nearly doubled from the amount reported in the same period prior to the incident.

The Equifax data breach resulted in hackers gaining access to the personal information of an estimated 143 million Americans, including Social Security numbers, passport numbers and birth dates.

Copies of the report were sent to both the both the FTC and the CFPB, with lawmakers asking both agencies to “hold Equifax accountable for the 2017 breach without delay.”

The lawmakers recommended that CFPB also "continue working with federal and state agencies to address critical cybersecurity issues in the credit reporting industry,” and that the CFPB should use “all tools at its disposal to get to the bottom of the causes of the breach and the depths of Equifax’s failures to protect consumer data and respond adequately to the risks facing consumers.”

“The American people have continued to use the CFPB’s complaint process to make their voices heard, and right now, the agency appears to be ignoring those voices,” the lawmakers wrote.

The CFPB did not respond to request for comment on the findings of the report.

The bill received support from a number of industry and agency officials.

Former FTC Chief Technologist Ashkan Soltani said making credit agencies liable for failing to secure consumer data is “a necessary step in ensuring our privacy rights."

Marc Rotenberg, the president and executive director of the Electronic Privacy Information Center, called the legislation “a concrete response to a serious problem facing American consumers.”

Warren discussed the bill during the Senate Banking Committee hearing on data collection and privacy, saying that “the only way credit reporting agencies are going to adequately invest in cybersecurity is if we make it too expensive to ignore.”

At the hearing, Warner harshly criticized the data collection techniques of companies such as Facebook, Twitter and Google, who he accused of "sucking personalized data out from each and every one of us and then marketing that to a whole series of entities.”

Both Republicans and Democrats on the committee argued for legislation to regulate consumer data collection by tech companies. The hearing also comes as lawmakers in both chambers work on drafting a federal data privacy law.

Senate Banking Committee Chairman Mike CrapoMichael (Mike) Dean CrapoThe Hill's 12:30 Report - Presented by Facebook - US gymnast wins all-around gold as Simone Biles cheers from the stands The Hill's Morning Report - Presented by Facebook - A huge win for Biden, centrist senators The 17 Republicans who voted to advance the Senate infrastructure bill MORE (R-Idaho) said the committee would “look to update and make improvements to federal laws within its jurisdiction” in regard to this issue.

The panel's ranking member, Sen. Sherrod BrownSherrod Campbell BrownTop Democrat: 'A lot of spin' coming from White House on infrastructure Schumer's moment to transform transit and deepen democracy Democrats ramp up pressure for infrastructure deal amid time crunch MORE (D-Ohio), said regulating this issue is “critical to our democracy,” citing Facebook's Cambridge Analytica data scandal as an example of giving “bad actors ways to meddle in our elections.”

Maciej Ceglowski, the founder of social bookmarking website Pinboard, testified during the hearing, arguing in favor of regulating the collection of consumer data by companies such as Google, Facebook, Amazon and Microsoft to ensure consumer privacy and to “preserve our liberty.”

“The internet economy today resembles the earliest days of the nuclear industry,” Ceglowski said. “We have a technology of unprecedented potential, we have made glowing promises about how it will transform the daily lives of our fellow Americans, but we don’t know how to keep its dangerous byproducts safe.”