Illustration: Aïda Amer/Axios

After Equifax agreed this week to a landmark settlement with state and federal regulators for its historic 2017 data breach, regulators are hoping that its penalties — which will cost Equifax up to $700 million — are big enough to deter the next firm from allowing the next breach.

Why it matters: There has never before been a breach like Equifax, where enough personal data was pilfered to steal the identity of the majority of U.S. adults. It's a milestone that consumers and regulators alike hope will only happen the once.

By the numbers: The Equifax settlement includes $275 million in penalties to state and federal regulators and up to $425 million to provide protection and reimbursement to consumers harmed in the breach.

Details: The consumer fund — which starts at $300 million, with provision to go up to $425 million as needed — will provide identity theft protection insurance and pay for four years of credit monitoring at all three major credit bureaus along with an additional six at Equifax.

But the fund also contains a unique feature that experts believe could become a new standard in future penalties for breaches. It will reimburse costs of dealing with the breach, like lawyers, out of pocket credit monitoring services and time spent wrangling with the whole ordeal, up to $20,000 per individual.

Stricter than Europe: Penalties under GDPR, Europe's privacy law, are usually portrayed as tougher than those in the U.S. While GDPR didn't take effect until after the Equifax breach, had Equifax spilled personal information on 147 million Europeans, the fine under GDPR would actually be smaller than what the U.S. just dished out.

  • Equifax did not encrypt personal data stolen in the breach, which would have violated GDPR. The penalty for violating GDPR is 2-4 percent of global revenue plus restitution.
  • For Equifax, which made $3.36 billion in revenue in 2017, that's a fine of $67 million. The state and federal regulator penalties for Equifax totaled around $200 million more than that.

The big question: Will this settlement's bite carry over to future breaches?

  • "There’s a real good chance the new reimbursement scheme will be the new standard," said Ken Dort, a data security and privacy attorney at Drinker Biddle.
  • However, experts think some of the high dollar totals may be more a response to alleged egregious mismanagement at Equifax that led to the breach.

The intrigue: It's only a matter of luck that a federal agency was able to dole out a fine for a privacy violation. While the CFPB can penalize financial institutions, no federal agency has the authority to fine most other companies on this issue.

  • Several lawmakers hope to pass legislation giving the Federal Trade Commission this central authority.
  • "Strengthening the FTC by giving it authority would be the strongest deterrent to future breaches," said Terrell McSweeny, a former FTC commissioner who is now an attorney at Covington.

What they're saying: "I expect a good number of lawyers will be using this as a case study for their clients in the future," said Marcus Christian, an attorney in Mayer Brown's cybersecurity practice.

Go deeper: How to file a claim over Equifax's data breach

Go deeper

Liberty University's Jerry Falwell Jr. agrees to “indefinite leave of absence”

Liberty University President Jerry Falwell Jr. in 2019. Photo: Ethan Miller/Getty Images

Jerry Falwell Jr. will take an “indefinite leave of absence” from his roles as president and chancellor of Liberty University after posting a photo of himself with unzipped pants and an arm around a woman on social media, according to the school.

The state of play: The picture, which has since been deleted, drew backlash and charges of hypocrisy from conservative political figures because the university's honor code strictly prohibits students from having "sexual relations outside of a biblically-ordained marriage," and recommends they dress with“appropriateness” and “modesty."

Updated 1 hour ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 4 p.m. ET: 19,189,737 — Total deaths: 716,669 — Total recoveries — 11,610,192Map.
  2. U.S.: Total confirmed cases as of 4 p.m. ET: 4,917,050 — Total deaths: 160,702 — Total recoveries: 1,598,624 — Total tests: 59,652,675Map.
  3. Politics: White House recommends Trump issue executive orders on coronavirus aid.
  4. Education: Cuomo says all New York schools can reopen for in-person learning.
  5. Public health: Surgeon general urges flu shots to prevent "double whammy" with coronavirus.
  6. World: Africa records over 1 million coronavirus cases — Gates Foundation puts $150 million behind coronavirus vaccine production.

White House recommends Trump issue executive orders on coronavirus aid

Treasury Secretary Steve Mnuchin (L) and White House Chief of Staff Mark Meadows speak to the media on Capitol Hill. Photo: Mandel Ngan/AFP via Getty Images.

White House chief of staff Mark Meadows and Treasury Secretary Steven Mnuchin said President Trump should sign executive orders unilaterally addressing coronavirus stimulus spending after negotiations with congressional Democrats stalled again on Friday.

Why it matters: Friday was viewed as a self-imposed deadline to negotiate a new relief bill. But after an intense week of negotiations on Capitol Hill, White House and Democratic leadership failed to reach a deal on delivering much needed aid to Americans and businesses.