Bill Would Penalize Credit Reporting Agencies for Consumer Data Breaches


The legislation, introduced by Senators Warren and Warner, would enable the FTC to supervise CRAs' data security practices, establish penalties for violations of data security practices, and ensure that consumers whose data is stolen are compensated.

Under the new legislation, Equifax would have been forced to pay an estimated $1.5bn fine following its September 2017 breach, according to Senator Elizabeth Warren.

Justin Brookman, director of consumer privacy and technology policy for Consumers Union, said, "Credit reporting agencies are a one-stop shop for hackers seeking to profit off our most sensitive and personal data". The proposed bill ensures that half the money paid to the federal government is returned to those affected by the breach.

The cybersecurity bill would impose strict financial penalties on credit reporting agencies hit by data breaches, require significantly higher recovery compensation for affected customers, and provide for annual inspections of credit reporting agencies' cybersecurity infrastructures. "But if companies like Equifax can't properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn't be collecting it in the first place", said Sen.

Most notably, it would impose mandatory financial penalties starting at $100 for every customer who has one piece of personally identifiable information (PII) compromised, with $50 per additional piece of PII. "The penalties would double in cases where the credit reporting firm did not comply with federal data security standards or failed to notify officials of the breach in a timely manner".

The Data Breach Prevention and Compensation Act is designed to make the big CRAs more accountable, following a damaging breach at Equifax a year ago which affected 145.5m Americans and 700,000 Brits.

"We appreciate this bill's attention to key weaknesses in consumer data protection".

"This bill establishes much-needed protections for data security for the credit bureaus", said National Consumer Law Center staff attorney, Chi Chi Wu.

Consumer watchdogs and cybersecurity experts praised Warren and Warner for taking steps to protect Americans' personal information and strengthen cybersecurity infrastructure. "Equifax might make money off the breach", Warren said, citing the sales of credit protection products. The new requirements outline specific actions that credit reporting agencies must undertake to remain in compliance.
