Congress criticizes Equifax data breach, but tighter regulations aren't likely
Though hackers have been able to get at personal consumer data, tougher regulations on how to store that data don't seem likely.
Washington—Prospects are good for a public shaming in the Equifax data breach, but it's unlikely Congress will institute sweeping new regulations after hackers accessed the personal information of an estimated 143 million Americans.
Since early this year, President Trump and the Republican-led Congress have strived to curb government's influence on businesses, arguing that regulations stifle economic growth. Lawmakers have repealed more than a dozen Obama-era rules and the House voted in June to roll back much of Dodd-Frank, the landmark banking law created after the 2008 economic crisis that was designed to prevent future meltdowns.
Several bills unveiled after Equifax are so far missing a key ingredient for success: Republican co-sponsors.
And most important, there is history. Despite numerous high-profile security breaches over the past decade at companies such as Target, Yahoo, Neiman Marcus, and Home Depot, legislation that would toughen standards for storing customer data has failed to gain the necessary traction.
Jessica Rich, a vice president at Consumer Reports, said she has questioned over the years what event it would take for lawmakers to impose tougher data security regulations.
"I'm hoping this is the final wake-up call for Congress," Ms. Rich said.
Consumer advocacy groups seek legislation that would enhance the standards for companies that store consumer data and require prompt notification to affected Americans when breaches do occur. They also seek tough civil penalties for those who break the law. But, so far, Congress has opted to let states handle the issue.
Business groups are also worried that federal regulation will stifle innovation.
"When it comes to security, attempts to regulate today will become outdated tomorrow," said a new report from the US Chamber of Commerce.
Senate and House Republicans say they are in fact-gathering mode before moving on any legislation. Separate hearings are scheduled the first week in October, with Equifax Chairman and CEO Richard Smith slated to testify – and likely to get a public thrashing from lawmakers.
Rep. Greg Walden (R) of Oregon, the Republican chairman of the House Energy and Commerce Committee, said he's not ruling out new regulations as a result of the data breach at the credit agency, "but first we've got to get the facts."
Democrats will be watching closely.
Sen. Elizabeth Warren (D) of Massachusetts described the Equifax breach as a test, asking on the Senate floor, will "we act quickly to protect American consumers, or are we going to cave in to firms like Equifax who have spent millions of dollars lobbying to Congress for weaker rules?"
Democrats have introduced several bills. One would require credit reporting companies to place a freeze on a consumer's credit report without charge if that company is hacked. Currently, all 50 states have laws allowing consumers to place a security freeze on their credit report, but the freeze often comes with a fee.
Chi Chi Wu, an attorney at the National Consumer Law Center, said such freezes are the single most important step consumers can take to prevent new accounts from being opened in their name.
Democrats are also using the Equifax breach to reprise more longstanding concerns about the work of credit reporting companies like Equifax, Experian, and TransUnion.
Rep. Steve Cohen (D) of Tennessee and 30 Democratic co-sponsors are backing legislation that would protect prospective employees from being forced to disclose their credit history as part of a job application process.
Ms. Wu said credit checks are used as warning flags about potential employees.
"A lot of people have impaired credit, black marks on their credit report because something bad happened to them," Wu said. "It was not because they were bad or irresponsible people. They were unlucky."
Meanwhile, Rep. Maxine Waters (D) of California is taking another crack at legislation designed to help consumers correct entries in their credit report.
Under her bill, creditors who send negative information to a reporting agency must also give a heads-up to the consumer. Credit reporting companies would also have to dedicate sufficient resources to handling consumers' appeals. The appeals staff would have to meet minimum training and certification requirements.
Waters' bill would also reduce the time that most adverse credit information may remain on reports. The time period would drop from seven to four years.
The bill reflects frequent consumer angst about the information on their credit report. Last year, Americans submitted about 54,000 complaints to the Consumer Financial Protection Bureau about credit reporting issues. Three-quarters of those complaints alleged incorrect information in credit reports.
Even if the Equifax breach fails to bring about the passage of new legislation, it has scuttled one bill in the works. On the day of Equifax's announcement, a House subcommittee examined legislation that would have decreased the potential consequences when consumer reporting agencies falsely malign someone. Such mistakes can haunt consumers for years.
The bill would have eliminated punitive damages for violations of the Fair Credit Reporting Act. The bill's sponsor, Rep. Barry Loudermilk (R) of Georgia, said the legislation was aimed at curbing frivolous lawsuits and would not have granted any immunity to Equifax for the data breach. "Nevertheless, given the unfounded attacks on me and the rampant misinformation circulating about this legislation, the Financial Services Committee has not scheduled further action on any bill at this time."
Wu, who testified against Representative Loudermilk's bill, said she believes that legislation providing for the free credit freeze probably has the best chance of passage.
"I'm skeptical this particular Congress will be up for wholesale reform," Wu said.
This story was reported by The Associated Press.