Sens. Mark Warner (D-Va.) and Elizabeth Warren (D-Mass.) have introduced the Data Breach Prevention and Compensation Act, which would hold credit reporting agencies (CRAs)--like Equifax--accountable for data breaches.
The bill would give the Federal Trade Commission more authority over CRA data security--the FTC could get very busy given its newly returned authority over broadband ISPs under the Restore Internet Freedom order--mandate penalties to "incentivize" more online protections of consumer data, and compensate consumers "robustly" for stolen data.
The bill would also establish an office of cybersecurity at the FTC to oversee CRAs.
Last September, Equifax revealed it had been hacked and that sensitive information--Social Security numbers, credit card numbers, drivers license numbers--had been obtained from somewhere north of 145 million people. The FTC began investigating the breach soon after, which Warner, a former tech exec, had sought.
“In today’s information economy, data is an enormous asset. But if companies like Equifax can’t properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn’t be collecting it in the first place,”
said Warner. "“The financial incentives here are all out of whack – Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach,” said Warren.
"This bill creates greater incentive for these companies to handle our data with care and gives the Federal Trade Commission the tools that it needs to hold them accountable,” said Susan Grant, director of consumer protection and privacy at the Consumer Federation of America.