Senate Democrats pitched new legislation this week to lay strict cybersecurity requirements on companies handling sensitive consumer data like Equifax, and new rules to hold them accountable when they’re negligent.
Lawmakers want to tackle damaging hacks of consumer information like the recent Equifax breach with the Data Broker Accountability and Transparency Act. The law targets “data brokers” like Equifax collecting and selling sensitive consumer data and would give consumers the power to stop companies from using, sharing, or selling their information for marketing purposes.
The law puts new privacy and security standards in place for data brokers and requires notifying consumers in the event of a breach like the one at Equifax (the company took six weeks before announcing the Social Security numbers, birth dates, and home addresses for 143 million Americans, along with driver’s license numbers, 209,000 credit card numbers, and 182,000 credit dispute documents were taken).
If adopted the bill would let consumers access and correct their information to ensure accuracy, and it would empower the Federal Trade Commission — the federal privacy and consumer protection agency currently investigating the hack — to enforce the act and create new rules for data brokers within a year and create “a centralized website for consumers to view a list of covered data brokers and information regarding consumer rights.”
Democratic Sens. Ed Markey of Massachusetts, Richard Blumenthal of Connecticut, Sheldon Whitehouse of Rhode Island, and Al Franken of Minnesota introduced the bill Thursday.
“As we have recently witnessed with the Equifax breach, data brokers can play fast and loose with Americans’ most sensitive personal information,” Markey said. “The era of data keepers has given way to an era of data reapers.”
Markey said it was time to “shed light on this ‘shadow’ industry of surreptitious data collection that has amassed covert dossiers on hundreds of millions of Americans.”
Blumenthal described Equifax and others’ “profiting off the sale of personal consumer information” a “shameless violation of the privacy and security of millions of Americans.” Franken said consumers should decide “whether information about their personal lives should be available for sale to the highest bidder.”
The bill has already secured endorsements from tech privacy and consumer advocacy groups like the Center for Digital Democracy. The group’s executive director, Jeff Chester said companies like Equifax, “a stealth data broker that mines our information 24/7 . . . will now be held more accountable for what they do.”
Markey’s bill is one among a growing number of legislative solutions proposed and re-introduced since the July hack was revealed last week, some targeting cybersecurity while others aim to reform the entire credit reporting sector. Most all have been pitched by Democrats.
Another from Democratic Sen. Ron Wyden of Oregon introduced Thursday bans credit reporting agencies from charging fees to freeze consumers’ credit.
“Companies like Equifax that have stockpiled massive, insecure databases of Americans’ most sensitive personal data must make security the top priority at every single stage,” Wyden, the ranking Democrat on the Senate Finance Committee, said in a statement.
The Free Credit Freeze Act would give all consumers the option to use PIN numbers to freeze and unfreeze their credit without incurring service fees from credit firms, an option aimed at stopping fraudsters from opening unauthorized lines of credit.
“Given the frequency of these mega breaches, it is simply unacceptable for the credit agencies to continue to charge hardworking Americans who want to protect their credit and their identity from fraudsters,” Wyden said.
Equifax took heat last week for trying to force victims of the hack to give up their right to sue the firm in exchange for a year of free credit monitoring. The company has since altered the terms of service.