Equifax hack prompts regulatory chatter from both parties

Equifax’s massive data breach might reflect the need for new regulations on credit agencies and other companies that hold vast troves of Americans’ sensitive personal data, the White House said Monday.

“I think it’s something we have to look into extensively,” press secretary Sarah Huckabee Sanders told reporters when asked if new regulations were on the table. “We have to explore all the best ways to make sure that Americans are protected in that sense.” Homeland security adviser Tom Bossert, whose portfolio includes cybersecurity, “will be one of the primary people taking the lead on that front,” Huckabee Sanders said. The Equifax hack has renewed a debate about oversight of the credit reporting industry, which is almost unique in its ability to collect detailed information about virtually all American adults without their permission. But so far, most of the people calling for new regulations have been Democrats.

Story Continued Below

… FOR INSTANCE On Monday, five liberal senators reintroduced a bill that would impose new requirements on credit reporting agencies and give Americans who sue them under the Fair Credit Reporting Act more legal remedies. “Because these credit agencies operate in the dark, they are allowed to be terribly unfair and unaccountable,” said lead sponsor Brian Schatz, who has gone after Equifax on Twitter. “Millions of Americans have bad credit because of mistakes from credit agencies, and it can ruin lives, stopping people from getting a job or owning a home or car.” Sen. Dick Durbin, the second-ranking Democrat in the chamber, called the breach “exhibit A” in the need for stronger regulation to protect consumers. Other Democrats also continued to put pressure on Equifax.

In a letter set for release today, Sen. Gary Peters, a member of the Commerce Committee, asked the FTC to get involved. “The stated touchstone of the FTC’s approach to data security is reasonableness, which means a company’s data security measures must be reasonable in light of the sensitivity and volume of consumer information it holds, the size and complexity of its data operations, and the cost of available tools to improve security and reduce vulnerabilities,” Peters wrote. “Based on Equifax’s disclosure of this breach and the potential volume of affected consumers, I respectfully urge the FTC to immediately initiate an investigation into whether Equifax failed to establish and maintain a comprehensive information security program to protect consumers’ sensitive personal information.”

— THE REST OF THE STORY: Meanwhile, the leaders of the Senate Finance Committee joined forces Monday on a letter asking extensive questions of Equifax. The company has faced numerous new security questions post-breach. It moved to shore upthe security of personal identification numbers for consumers trying to freeze their credit reports. Some complained that its website was directing users to less secure links. And debates raged on over responsibility for the breach.

Continue reading…