Equifax (EFX) CEO Richard Smith is set to testify before the Senate Banking Committee during the first week in October and while it’s likely he will get an earful from lawmakers over the massive data breach that impacted 143 million Americans, some experts are skeptical that Republicans will get on board with bills to increase regulations.
Several bills unveiled after the Equifax hack are so far missing a key ingredient for success: Republican co-sponsors.
Since early this year, President Donald Trump and the Republican-led Congress have strived to curb government’s influence on businesses, arguing that regulations stifle economic growth. Lawmakers have repealed more than a dozen Obama-era rules and the House voted in June to roll back much of Dodd-Frank, the landmark banking law created after the 2008 economic crisis that was designed to prevent future meltdowns.
And there is history. Despite numerous high-profile security breaches over the past decade at companies such as Target, Yahoo, Neiman Marcus and Home Depot, legislation that would toughen standards for storing customer data has failed to gain the necessary traction.
Unlike big financial institutions, credit agencies haven’t received the same oversight in the past, either.
“Typically the credit reporting agencies like Equifax don’t get the same kind of routine oversight [as banks and financial institutions] … Generally nobody looks at them until something happens,” Scott Vernick, top privacy and cybersecurity expert at Fox Rothschild, told FOX Business last week. “I don’t think anyone sort of stopped to think about the fact that you only have three credit reporting agencies [and] each of them holds about 200 million records.”
Jessica Rich, a vice president at Consumer Reports, said she has questioned over the years what event it would take for lawmakers to impose tougher data security regulations.
“I’m hoping this is the final wake-up call for Congress,” Rich said.
Advocacy groups seek legislation that would enhance the standards for companies that store consumer data and require prompt notification to affected Americans when breaches do occur. But, so far, Congress has opted to let states handle the issue.
“Lawmakers have got to plug the loopholes in current law, and we need tough civil penalties for those who break the law,” Rich said.
Senate and House Republicans say they are in fact-gathering mode before moving on any legislation. Separate hearings are scheduled the first week in October, with Equifax Chairman and CEO Richard Smith slated to testify — and likely to get a public thrashing from lawmakers.
Rep. Greg Walden, the Republican chairman of the House Energy and Commerce Committee, said he’s not ruling out new regulations as a result of the data breach at the credit agency, “but first we’ve got to get the facts.”
Democrats will be watching closely.
Sen. Elizabeth Warren, D-Mass., described the Equifax breach as a test, asking on the Senate floor will “we act quickly to protect American consumers, or are we going to cave in to firms like Equifax who have spent millions of dollars lobbying to Congress for weaker rules?”
Democrats have introduced several bills. One would require credit reporting companies to place a freeze on a consumer’s credit report without charge if that company is hacked. Currently, all 50 states have laws allowing consumers to place a security freeze on their credit report, but the freeze often comes with a fee.
Rep. Steve Cohen of Tennessee and 30 Democratic co-sponsors are backing legislation that would protect prospective employees from being forced to disclose their credit history as part of a job application process.
Meanwhile, Rep. Maxine Waters, D-Calif., is taking another crack at legislation designed to help consumers correct entries in their credit report.
Even if the Equifax breach fails to bring about the passage of new legislation, it has scuttled one bill in the works. On the day of Equifax’s announcement, a House subcommittee examined legislation that would have decreased the potential consequences when consumer reporting agencies falsely malign someone. Such mistakes can haunt consumers for years.