US politicians propose fines for credit agencies guilty of data breaches

Democrats in the States have put forward legislation which would issue financial penalties to credit reporting agencies found guilty of compromising customer data.

The proposals are believed to be a response to recent huge data handling errors committed by the likes of credit ratings agency Equifax.

The Data Breach Prevention and Compensation Act was presented ahead of a Senate Banking Committee hearing on data privacy. The new laws would mean reporting agencies could face a fine of up to $100 for every consumer whose private data they compromise in a leak.

Had the bill been in place two years ago, Equifax would have had to pay a penalty of at least $1.5 billion.

The bill would set up an Office of Cybersecurity at the Federal Trade Commission (FTC) to run regular audits of cyber security practices at reporting agencies. It would also sharpen the FTC’s teeth through further enforcement power against credit reporting agencies.

Democrats pushing the bill presented a report showing that 52,000 consumer complaints have been filed with the Consumer Financial Protection Bureau (CFPB) since the Equifax breach. The documents also proved that the quantity of complaints made against the beleaguered company in the months following the breach went up by almost 50% from the number reported for the same timeframe before the incident.

The report was sent to the FTC and the CFPB, with politicians appealing to both entities to “hold Equifax accountable for the 2017 breach without delay”.

A recommendation was made to the CFPB to “continue working with federal and state agencies to address critical cybersecurity issues in the credit reporting industry”. The authority was also encouraged to use “all tools at its disposal to get to the bottom of the causes of the breach and the depths of Equifax’s failures to protect consumer data and respond adequately to the risks facing consumers.”

The Democrats wrote:

“The American people have continued to use the CFPB’s complaint process to make their voices heard, and right now, the agency appears to be ignoring those voices.”

The proposed legislation has been given support by several industry and agency officials, with former FTC Chief Technologist, Ashkan Soltani, underlining how forcing credit ratings agencies to be more responsible constitutes “a necessary step in ensuring our privacy rights.”

President and executive director of the Electronic Privacy Information Center, Marc Rotenberg, said the bill was “a concrete response to a serious problem facing American consumers.”

At the hearing, tech giants such as Twitter, Facebook and Google came under heavy fire for “sucking personalised data out from each and every one of us and then marketing that to a whole series of entities.”

Maciej Ceglowski, founder of Pinboard, spoke in support of further regulation regarding the ways in which the major data players handle the personal and private details of users, stating:

“The internet economy today resembles the earliest days of the nuclear industry. We have a technology of unprecedented potential, we have made glowing promises about how it will transform the daily lives of our fellow Americans, but we don’t know how to keep its dangerous by-products safe.”

