Today, the Federal Trade Commission and the Consumer Financial Protection Bureau announced an Equifax settlement that includes a fine up to $700 million for the 2017 Equifax data breach that jeopardized sensitive financial data of millions of Americans. The settlement also requires Equifax to create a security program to ensure it meets industry best practices, and to require any third party accessing personal information held by Equifax to have comparable security in place.
The following statement may be attributed to Harold Feld, Senior Vice President of Public Knowledge:
“We are pleased that the proposed Equifax settlement incorporates many of the components Public Knowledge recommended when the Equifax breach first came to light. Specifically, we are glad that the proposed settlement includes not merely ongoing free credit monitoring service, but also a fund to compensate victims for the individual costs incurred in responding to the data breach (such as time spent responding to the breach and money spent on private credit freezes), and compensation for any actual damages from the data breach. Consumers should not have to bear the cost of corporate negligence and subsequent cover up, and we are glad that the FTC and other parties to the settlement recognized the importance of trying to make consumers whole.
“We also applaud the FTC and other parties for requiring enhanced security precautions and regular audits, and for requiring Equifax to impose similar security precautions on any third parties given access to personal data held by Equifax.
“At the same time, the fact that it took almost two years to reach this settlement, and the modest size of the monetary settlement given the size and scope of the beach, underscores the weakness of our federal and state privacy laws. If Congress cannot move quickly to pass strong privacy protections for consumers, then the individual states should follow the example of California and fill in the gap left by Congressional inaction.”
You may view our blog post, “The Right Response to Equifax,” for more information on the 2017 data breach and our recommendations.