You are hereHome >
New bill will ensure that credit bureaus protect your information as if you actually mattered to them, and will both punish them and compensate you when they fail to do so.
We are not the credit bureaus’ customers; we are their product.
Unlike with other consumer goods, there are few laws that punish companies when they’re careless with our data. The “big three” credit bureaus — Equifax, Experian and TransUnion — hold a treasure trove of personal information valuable to identity thieves, but have long demonstrated a disdain for consumers, who they treat as products, not customers.
Their real customers are the banks, mortgage providers and marketers to whom they sell our data. As I told the House Financial Services Committee in October when I testified about the Equifax fiasco, in addition to making sure Equifax is held fully responsible, we need deep reforms of the credit industry to hold credit reporting agencies accountable to consumers.
Credit reporting agencies are long overdue for more oversight from regulators and lawmakers, and the Data Breach Prevention and Compensation Act is a strong step in the right direction.
This legislation to hold large credit reporting agencies like Equifax accountable when they fail to protect consumer data from hackers was recently introduced by Sens. Elizabeth Warren and Mark Warner.
If this policy had been in place during the Equifax breach last year, Equifax would have paid at least a $1.5 billion penalty, half of which would be returned to consumers affected by the breach. Instead, the company actually reported its second-best quarter ever in November, with sales rising to $835 million.
Specifically, the bill would:
- Establish an Office of Cybersecurity at the Federal Trade Commission (FTC) tasked with annual inspections and supervision of cybersecurity at large credit reporting agencies;
- Impose mandatory, strict liability penalties for breaches of consumer data;
- Require the FTC to use 50 percent of its penalty to compensate consumers; and
- Increase penalties in cases of woefully inadequate cybersecurity or if a credit reporting agency fails to notify the FTC of a breach in a timely manner.
In other words, this legislation could potentially prevent another Equifax-like hack from happening in the future — and in the case a breach does occur, the company responsible would be held accountable, and the consumers affected would be rightly compensated.
We commend Sens. Warren and Warner for this bill, but now, we need to build the support necessary to convince Congress to pass this much-needed consumer protection.
Of course, we have a much broader platform to clean up the credit bureaus. Their consumer reports are full of mistakes that harm our chances of getting fairly priced loans or even jobs, and worse, their handling of consumer complaints is sloppy. But for now, it is important to hold large credit reporting agencies accountable for securing our information, as the Data Breach Prevention and Compensation Act will do.
Your donation supports U.S. PIRG’s work to stand up for consumers on the issues that matter, especially when powerful interests are blocking progress.