We’ve joined a group letter from over 25 consumer, civil rights, civil liberties and privacy groups opposing the latest Congressional proposal to exempt banks and other financial institutions, broadly defined to include Equifax and other credit bureaus, from stronger state data security, privacy and data breach protections. These Trojan Horse bills come riding in with tiny protections in the saddle, but with a massive elimination of stronger state laws hidden in the belly of the beasts. The proposal, HR6743, the Consumer Information Notification Requirement Act (Luetkemeyer (MO)), might also be called the “Equifax Protection Act.”
Excerpt from the letter, which you can obtain [click “download report”] from this page:
“There are many non-financial harms that can result from a data breach, such as harm to dignity from the compromise of nude photos, or harm to reputation from the compromise of personal email. A breach could even lead to physical harm, such as if logs of a domestic violence victim’s calls to a support hotline were to fall into the wrong hands. By weakening the notice standard in the overwhelming majority of states, this law would cause consumers to stop receiving notifications about breaches that they currently have a right to hear about today—breaches that could lead to physical or emotional harm.
Finally, it is particularly inappropriate that just one year after the massive Equifax data breach, resulting from the failure of a company supposedly covered by the FTC’s existing GLBA Safeguards Rule to maintain data security over a treasure trove of financial DNA, the committee is considering weakening data security and data breach laws, instead of strengthening them or passing legislation to make companies like Equifax more accountable to their victims.”