Sens. Ed Markey, D-Mass, Richard Blumenthal D-Conn., Sheldon Whitehouse D-R.I., and Al Franken D-Minn., introduced a bill on Sept. 14 to require accountability and transparency for credit report companies that are collecting and selling personal information about consumers.
The legislation follows the Equifax breach, which affected 143 million Americans, and compromised names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
“As we have recently witnessed with the Equifax breach, data brokers can play fast and loose with Americans’ most sensitive personal information,” Markey said in a statement. “We need to shed light on this ‘shadow’ industry of surreptitious data collection that has amassed covert dossiers on hundreds of millions of Americans. This bill requires data brokers to put in place comprehensive privacy and data security programs so that consumers in Massachusetts and throughout the country do not experience another Equifax.”
The Data Broker Accountability and Transparency Act would allow consumers to access and correct their information. The bill also enforces that companies allow consumers the right to stop data brokers from using, sharing, or selling their personal information for marketing purposes.
“The Equifax scandal is conclusive evidence that consumers need and deserve these protections–without delay,” said Blumenthal. “Third-party data brokers profiting off the sale of personal consumer information is a shameless violation of the privacy and security of millions of Americans. In the face of ubiquitous online security threats–more pertinent than ever following the Equifax data breach–Congress must act to put the power back in the hands of consumers.”
The bill also requires data brokers to develop comprehensive privacy and data security programs and to provide reasonable notice in the case of breaches. In the case of the Equifax breach, the company discovered the breach on July 29, and announced it to the public Sept. 7. Rep. Ted Lieu, D-Calif., noted in his letter to the House Judiciary Committee that it was “disturbing” that Equifax took six weeks to inform users that their data had been breached.
The legislation gives the Federal Trade Commission (FTC) the power to enforce the law and create rules within one year, including rules necessary to establish a centralized website for consumers to view a list of covered data brokers and information regarding consumer rights.
“I believe Americans have a fundamental right to privacy, including the right to determine whether information about their personal lives should be available for sale to the highest bidder,” said Franken. “The unprecedented breach of Equifax’s databases, which compromised the sensitive data of 143 million Americans, underscores the need for transparency and accountability from the companies that trade on our privacy. This bill will help ensure consumers regain control of their personal information.”
Congressional committees are also seeking answers about the breach, as House Oversight Committee Chairman Trey Gowdy, R-S.C., and House Science, Space, and Technology Committee Chairman Lamar Smith, R-Texas, sent a letter to the CEO of Equifax requesting documents and a briefing on the breach.
“While the sensitive data stored by Equifax is undoubtedly a target for hackers, Congress has a responsibility to ensure the PII (personally identifiable information) of all Americans is properly protected,” the congressmen wrote. “Equifax holds a wealth of PII for tens of millions of Americans, providing credit checks that are a crucial part of the decision-making process for home loans, credit cards, and obtaining jobs. To better understand the ramifications of the breach for consumers and the federal government, the delay by Equifax in publicizing the breach, and any mitigating steps being taken by Equifax, the Committees request a briefing by Equifax no later than September 28, 2017.”
Editor’s Note: This story has been updated.
Contributing: Jessie Bur