Jan 10, 2018

Democrats want penalties for breaches at credit reporting agencies

Senators Mark Warner and Elizabeth Warren. Photo: T.J. Kirkpatrick / Bloomberg via Getty Images

Sens. Elizabeth Warren and Mark Warner introduced a bill today that would allow the Federal Trade Commission to slap penalties on credit reporting agencies (CRAs), like Equifax, when they have inadequate cybersecurity, when their data is breached, and when they don’t report those breaches in a timely manner. It also includes measures to compensate consumers whose data is compromised.

Why it matters: Equifax’s massive breach, announced last September, compromised over 145 million Americans’ personal identifying information, including Social Security Numbers, credit card numbers, and driver’s license numbers.

Although Democrats and Republicans alike grilled executives from Equifax on the breach last fall, bills that would have compensated affected consumers went nowhere.

Between the lines:

  • Warner has floated the idea that federal data breach laws could be recrafted to address different industry-specific needs, per Politico’s Martin Matishak.
  • It’s no shocker that the bill comes from two Democrats — states currently have different rules on reporting breaches, and Republican support for a proposal that would allow the federal government to preempt those state rules will likely be difficult to secure.

The bill, known as the “Data Breach Prevention and Compensation Act,” is about maintaining Americans’ access to credit in spite of a company’s data breach for Senator Warner. “This bill will ensure that companies like Equifax…are taking appropriate steps to secure data that’s central to Americans’ identity management and access to credit.”

  • The bottom line, per Senator Warren: “If companies like Equifax can’t properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn’t be collecting it in the first place.”
  • It would create an Office of Cybersecurity at the FTC, which would conduct annual inspections of cybersecurity at CRAs.
  • Proposed penalties: In cases of “woefully inadequate cybersecurity” or failure to notify, the Senators propose fining doubly the automatic per consumer penalties, and increase the maximum penalty to 75% of the company’s gross revenue.
  • Proposed compensation: A base penalty of $100 per consumer who had one piece of personal identifying information (PII) breached, and $50 for each additional one. Normally, consumers will receive $1 or $2 back, per the Senators.
  • The bill would also force CRAs to return half of what they pay to the government back to consumers.

Go deeper

World coronavirus updates: World Bank warns economic pain unavoidable

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens and confirmed plus presumptive cases from the CDC

The novel coronavirus has caused a "global shock" and significant economic pain "seems unavoidable in all countries," the World Bank said in an economic update for
East Asia and the Pacific on Monday.

The big picture: COVID-19 cases surged past 786,000 and the death toll exceeded 37,800 early Tuesday, per Johns Hopkins data. Italy reported more than 11,500 total deaths.

Go deeperArrowUpdated 36 mins ago - Health

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 2 a.m. ET: 786,228 — Total deaths: 37,820 — Total recoveries: 166,041.
  2. U.S.: Leads the world in confirmed cases. Total confirmed cases as of 2 a.m. ET: 164,603 — Total deaths: 3,170— Total recoveries: 5,896.
  3. Federal government latest: The White House will extend its social distancing guidelines until April 30.
  4. State updates: Rural-state governors say testing is still inadequate, contradicting Trump — Virginia, Maryland and D.C. issue stay-at-home orders to residents, joining 28 other states.
  5. Business latest: Ford and General Electric aim to make 50,000 ventilators in 100 days.
  6. In photos: Navy hospital ship arrives in Manhattan.
  7. What should I do? Answers about the virus from Axios expertsWhat to know about social distancingQ&A: Minimizing your coronavirus risk.
  8. Other resources: CDC on how to avoid the virus, what to do if you get it.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

U.S. coronavirus updates: Death toll tops 3,000

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Andrew Witherspoon/Axios

The U.S. death toll from the novel coronavirus has now surpassed 3,000, per Johns Hopkins data.

The state of play: The U.S. had by Monday night recorded more than 163,000 positive cases — more than any other country in the world, per Johns Hopkins. The COVID-19 death toll stood at 3,008. The number of recoveries had risen to more than 5,800.

Go deeperArrowUpdated 5 hours ago - Health