At a congressional hearing last week, financial industry representatives pushed for legislation that would chip away at consumer protection rules governing the three major credit reporting bureaus. Loosening those regulations “would provide economic stability” by capping the industry’s exposure to class-action claims, a trade group official testified.þþHours later, one of the three bureaus, Equifax, disclosed a major data breach, which has potentially compromised the sensitive personal data of more than 143 million Americans.þþCapitol Hill is now demanding answers about the cyberattack. The Consumer Financial Protection Bureau, the Federal Trade Commission, and at least six state attorneys general have opened investigations.þþWhile authorities and consumers are calling for action, the push is unlikely to translate into new rules or legal curbs.þþThe credit bureaus have for decades successfully fended off calls in Congress for more oversight, despite warnings about potential problems that go back to Senator William Proxmire, a Wisconsin Democrat, in the 1960s. Now, the industry is likely to find support in the agenda of President Trump, who has pledged to strip away “burdensome” business regulations.þþþRegulators aren’t likely to fill the void. The F.T.C., which oversees data protection, can’t dole out big financial punishments. While the consumer bureau has shown a willingness to take on the industry, the agency is mainly focused on the accuracy of the data and the products that are sold to consumers.þþ“I have no reason to believe that this Congress has the capacity or will to actually legislate on those issues,” said Isaac Boltansky, an analyst at Compass Point Research & Trading. “The most we could see passing is targeted legislation aimed at enhancing consumer protections following identity theft.”þþFor years, consumer advocates have pressed for stricter oversight of the credit bureaus and stronger privacy rules covering all companies. One often-pursued goal is a federal privacy law mandating notifications to those whose personal information has been compromised, as well as meaningful financial penalties for lax data protection.þþWhile forty-eight states have passed security breach notification laws, calls for a nationwide standard have repeatedly fizzled. And Equifax has been a powerful force in the legislative and regulatory arena.þþEquifax spent $1.1 million on lobbying last year, up from $300,000 in 2006, according to data collected by the Center for Responsive Politics. The credit bureau recently lobbied on a range of cybersecurity issues, including “data security and breach notification,” “data breach response and identity protection” and “cybersecurity threat information sharing.”þþEquifax lobbied on two bills under scrutiny at last week’s House hearing, including one called the F.C.R.A. Liability Harmonization Act. The six proposals discussed at the hearing, all introduced by Republicans, would amend, and often scale back, a variety of consumer protection laws. The various proposals would ease certain mortgage lending rules, narrow the scope of debt collection restrictions and limit corporate liability by capping financial penalties for violations of the F.C.R.A., the Fair Credit Reporting Act.þþMeredith Griffanti, a spokeswoman for Equifax, said the company “works to ensure that new legislation captures the benefits of credit reporting to the U.S. economy, as well as the effects of certain regulation on the financial system.”þþ“We believe in fair industry regulation,” she added, “and advocating for policies that protect consumers’ rights, as well as the integrity of the consumer data industry.”þþCongress has sounded warnings for decades.þþIn the 1960s, a series of congressional hearings pulled the secretive industry into a public spotlight. Aggrieved customers, academic experts, and industry insiders spoke out about how the vendors — including Equifax, then known as the Retail Credit Company — amassed files filled with intimate personal information on millions of people.
Source: NY Times
