Even for the experts, the recent data breach at Equifax was staggering. The data that undergirds the credit records of 143 million consumers was compromised. Social Security numbers, dates of birth, and drivers’ license records are used to authenticate identity. It is not difficult to change a credit card number, but changing Social Security numbers and birth dates is a whole different matter. Data breaches are on the rise in the United States. It’s time for Congress to act. Why does this require action by Congress? There are at least five major reasons that the private sector cannot handle this issue on its own:
Identity theft is one of the top consumer complaints. The Federal Trade Commission reported 399,225 cases of identity theft in the United States in 2016. Of that number, 29% involved the use of personal data to commit tax fraud. More than 32% reported that their data was used to commit credit card fraud, up sharply from 16% in 2015. A 2015 report from the Department of Justice found that 86% of the victims of identity theft experienced the fraudulent use of existing account information, such as credit card or bank account information. The same report estimated the cost at $15.4 billion.
Current measures do not work. When data breaches occur, consumers are urged to check a website to see if they were affected. They are offered time-limited credit monitoring services and encouraged to check credit reports for stray transactions. This protocol has done little to stem the rise in data breaches and identity thefts in the United States. And because most state laws about data breach notification fail to establish strict time limits, consumers learn that their data was stolen long after the crime occurred.