Illustration: Aïda Amer/Axios

After Equifax agreed this week to a landmark settlement with state and federal regulators for its historic 2017 data breach, regulators are hoping that its penalties — which will cost Equifax up to $700 million — are big enough to deter the next firm from allowing the next breach.

Why it matters: There has never before been a breach like Equifax, where enough personal data was pilfered to steal the identity of the majority of U.S. adults. It's a milestone that consumers and regulators alike hope will only happen the once.

By the numbers: The Equifax settlement includes $275 million in penalties to state and federal regulators and up to $425 million to provide protection and reimbursement to consumers harmed in the breach.

Details: The consumer fund — which starts at $300 million, with provision to go up to $425 million as needed — will provide identity theft protection insurance and pay for four years of credit monitoring at all three major credit bureaus along with an additional six at Equifax.

But the fund also contains a unique feature that experts believe could become a new standard in future penalties for breaches. It will reimburse costs of dealing with the breach, like lawyers, out of pocket credit monitoring services and time spent wrangling with the whole ordeal, up to $20,000 per individual.

Stricter than Europe: Penalties under GDPR, Europe's privacy law, are usually portrayed as tougher than those in the U.S. While GDPR didn't take effect until after the Equifax breach, had Equifax spilled personal information on 147 million Europeans, the fine under GDPR would actually be smaller than what the U.S. just dished out.

  • Equifax did not encrypt personal data stolen in the breach, which would have violated GDPR. The penalty for violating GDPR is 2-4 percent of global revenue plus restitution.
  • For Equifax, which made $3.36 billion in revenue in 2017, that's a fine of $67 million. The state and federal regulator penalties for Equifax totaled around $200 million more than that.

The big question: Will this settlement's bite carry over to future breaches?

  • "There’s a real good chance the new reimbursement scheme will be the new standard," said Ken Dort, a data security and privacy attorney at Drinker Biddle.
  • However, experts think some of the high dollar totals may be more a response to alleged egregious mismanagement at Equifax that led to the breach.

The intrigue: It's only a matter of luck that a federal agency was able to dole out a fine for a privacy violation. While the CFPB can penalize financial institutions, no federal agency has the authority to fine most other companies on this issue.

  • Several lawmakers hope to pass legislation giving the Federal Trade Commission this central authority.
  • "Strengthening the FTC by giving it authority would be the strongest deterrent to future breaches," said Terrell McSweeny, a former FTC commissioner who is now an attorney at Covington.

What they're saying: "I expect a good number of lawyers will be using this as a case study for their clients in the future," said Marcus Christian, an attorney in Mayer Brown's cybersecurity practice.

Go deeper: How to file a claim over Equifax's data breach

Go deeper

Mayors plan multifront attack on census shutdown

Illustration: Sarah Grillo/Axios

A growing number of mayors are banding together to fight what they consider to be an inaccurate and abruptly curtailed 2020 census, using an arsenal of legal, legislative and congressional efforts.

Why it matters: The outcome may determine whether President Trump or Joe Biden controls the redistricting process, which governs everything from congressional representation and redistricting to funding for schools and Head Start.

Updated 52 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Politics: Chris Christie: Wear a mask "or you may regret it — as I did" — Senate Democrats block vote on McConnell's targeted relief bill.
  2. Business: New state unemployment filings fall.
  3. Economy: Why the stimulus delay isn't a crisis (yet).
  4. Health: Many U.S. deaths were avoidable — The pandemic is getting worse again.
  5. Education: Boston and Chicago send students back home for online learning.
  6. World: Spain and France exceed 1 million cases.
2 hours ago - Technology

Facebook Oversight Board begins hearing appeals

Illustration: Aïda Amer/Axios

The Facebook Oversight Board announced Thursday that some Facebook and Instagram users can now submit appeals to the Oversight Board for an independent review of their own content removals.

Why it matters: The board, a first-of-its-kind internet governance body, will begin hearing cases from users ahead of the U.S. election.