Public Knowledge will host a briefing on privacy legislation February 5 from 2 - 3 p.m. at the Dirksen Senate Office Building. The briefing, “Privacy Protections in the Post-Equifax Era,” will outline privacy legislation expected for 2018 and review lessons learned from the 2017 Equifax data breach.
For nearly three months last summer, the sensitive personal data of more than 145 million American consumers was exposed to bad actors thanks to some “ham-fisted” behavior on the part of credit reporting giant, Equifax. Americans were outraged, and lawmakers began to scrutinize Equifax’s behavior during the breach, including three Equifax senior executives selling shares worth almost $1.8 million in the days after the company discovered the hack.
Today, Senators Mark R. Warner (D-VA) and Elizabeth Warren (D-MA) introduced the Data Breach Prevention and Compensation Act to hold credit reporting agencies like Equifax accountable for data breaches that jeopardize consumer data.
Today, Senator Patrick Leahy (D-VT) introduced the Consumer Privacy Protection Act of 2017. The bill would place requirements on companies with sensitive consumer information, such as Equifax, to maintain safeguards to ensure the privacy and security of such data, and to notify consumers when that sensitive data is breached. Public Knowledge applauds Senator Leahy and the bill’s co-sponsors, including Senators Markey, Blumenthal, Wyden, Franken, Baldwin, and Harris for prioritizing consumer privacy in the wake of the Equifax security breach.
Last week, Congress held four hearings to investigate the Equifax data breach, which jeopardized the highly sensitive data of 145 millions Americans. The exposed consumer information includes social security numbers, prior addresses, student loans, credit card numbers, and other pieces of private data compiled into credit reports that determine if a consumer qualifies for employment, loans, or new lines of credit. For days, members of Congress questioned former Equifax CEO Richard Smith as to how the breach could have occurred and what steps the company was taking to protect consumers. Mr. Smith resigned in September after the extent of the breach was fully disclosed. During the hearings, he offered little in terms of solutions on how to protect consumers going forward, but his answers revealed significant problems with our current data security regime that Congress must address.