HOBOKEN, N.J. – U.S. Senator Bob Menendez, a senior member of the Senate Banking Committee, today announced updated legislation to strengthen protections for consumers’ personal data, provide them with greater privacy rights and establish reasonable accountability measures for businesses and credit reporting agencies that fail to safeguard consumers’ personal information.
The recent Equifax security breach exposed the vital, personal information of 143 million Americans, including Social Security numbers, addresses, phone numbers, and payment histories used to determine the credit worthiness of those applying for jobs, housing, mortgages, lines of credit, car and student loans. An additional 209,000 consumers had their credit card numbers stolen, and another 189,000 people with disputes over their credit history had that information compromised.
“Whether you’re applying for a home mortgage or a new job, leasing a car or even buying a cell phone, your credit report is the cornerstone of your financial reputation, and credit reporting agencies like Equifax are supposed to be the trusted keepers of your personal financial that data,” said Sen. Menendez. “But Equifax chose not to make data security a priority, and now 143 million U.S. consumers, including four million right here in New Jersey, face a heightened risk for identity theft, financial fraud, and endless headaches. This epic breach highlights the urgent need for Congress to pass a new Commercial Privacy Bill of Rights with strengthened data security standards for credit reporting agencies and accountability measures for companies that retain vast troves of sensitive personal information online.”
Sen. Menendez explains what consumers can do to protect themselves from identity theft in the wake of the Equifax data security breach.
The Commercial Data Privacy Bill of Rights Act of 2017 is built upon legislation first introduced by Sen. Menendez in the aftermath of the 2013 Target breach, and includes new measures that heighten data security protocols at credit reporting agencies. The bill also requires credit reporting agencies to quickly inform the public and federal regulators of major data breaches and increase assistance for consumers whose information has been compromised.
Commercial Privacy Bill of Rights
New provisions after Equifax data breach
Existing provisions of bill
Sen. Menendez outlined the bill during a news conference held at Stevens Institute of Technology in Hoboken, home of the Center for the Advancement of Secure Systems and Information Assurance, a major cybersecurity research center designated by the National Security Agency. He was joined by Professor Giuseppe Ateniese, Stevens’ Computer Science Department chair, and Beverly Brown Ruggia of New Jersey Citizen Action.
The Senator also joined Sen. Elizabeth Warren (D-Mass.) in introducing the Freedom from Equifax Exploitation (FREE) Act, new legislation that would give consumers the ability to freeze and unfreeze their credit data at no charge.
"It is outrageous that Equifax made billions while mismanaging the most vital personal data of 143 million people, like my 22-year-old daughter, whose information Equifax says was likely compromised and now must enter the dismal and uncertain world of possible identity theft that can wreak havoc with everything from her ability to get a credit card or student loan, rent an apartment, or buy a car," said New Jersey Citizen Action's Beverly Brown Ruggia. "Equifax and its executives must be held accountable for woefully inadequate security system and for any deliberate attempts on their part to hide the breach; Congress must pass the Freedom from Equifax Exploitation (FREE) Act introduced by Senator Menendez and others; and we need to revisit his crucial Commercial Privacy Bill of Rights. Finally, Equifax's deceptive behavior clearly exemplifies why the Consumer Financial Protection Bureau must maintain full and independent authority to take enforcement actions."
The Commercial Privacy Bill of Rights Act and FREE Act are just the latest efforts by Sen. Menendez to hold Equifax accountable since news of the massive security breach broke earlier this month, which included yesterday leading a group of Democratic senators in calling for the Federal Trade Commission (FTC) to immediately review data security not only at Equifax, but also the other two major consumer reporting agencies, Experian and TransUnion.
"It is inexcusable that Equifax failed to undertake basic cyber and data security measures—neglecting to apply superior and readily available patches and protections—for the data of 143 million people,” said Dr. Ateniese, a cybersecurity expert. “This leaked data could translate into stolen identities, skimmed bank accounts, and manipulated credit reports, ruining the financial lives of millions of everyday people. While much of the damage is done, we as a society must realize that the future is one in which advanced technological solutions in cybersecurity are the only way to protect against equally massive hacking enterprises.”
Sen. Menendez led the call urging Senate Banking Committee Chairman Mike Crapo (R-Idaho) to schedule immediate hearings on the cause, scope, and implications of the data breach; pushed Equifax, along with several Democratic colleagues, to completely end its use of forced arbitration agreements that limit the ability of consumers to pursue justice in a public court of law or challenge widespread corporate wrongdoing—which Equifax eventually agreed to do amidst rising public pressure; and joined a bipartisan group of 34 Senate colleagues to request the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), and the FTC to investigate the sale of nearly $2 million in Equifax securities held by high-level Equifax executives shortly after the company learned of a massive cybersecurity breach.
###
See more
April 16, 2024
April 14, 2024
March 12, 2024