Director, Consumer Campaign, PIRG
Director, Consumer Campaign, PIRG
Washington, D.C. – Congress is considering three bills this week that would let Equifax and the other credit bureaus off the hook for data breaches and credit freezes. U.S. PIRG is pointing out how these bills would exempt banks, Equifax, and other credit bureaus from data breach notifications, allow credit bureaus to still charge consumers credit freeze related fees, and deny the right of states to protect their citizens from any and all privacy invasions.
“For all this talk about action after the Equifax breach, Congress hasn’t done anything in 6 months but is now moving to make things worse,” said Mike Litt, consumer campaign director with U.S. PIRG. “Why isn’t Congress voting on or having hearings about bills that would help prevent future data breaches, or better inform consumers when there are breaches, or give complete control back to us over our own information?”
The three bills would let Equifax off the hook in the following ways:
S.2155 – The “Economic Growth, Regulatory Relief, and Consumer Protection Act” was brought to the full Senate yesterday. In addition to putting borrowers at risk of mortgage fraud and discrimination and putting our economy at risk of another crisis, this bill includes a credit freeze provision that preempts and replaces state freeze laws with a new federal law that could weaken your credit security — and cost you even more, depending on where you live.
While the provision eliminates fees for getting and permanently removing credit freezes, it appears to allow credit bureaus to charge consumers for temporary lifts when the consumer wants to apply for credit, insurance or, in some cases, employment.
It also does not require passwords or PINs for removing freezes. This could make it easier for identity thieves to remove freezes on your credit reports and apply for credit in your name.
A more in-depth look at the problems with the freeze in this bill is available here.
Data Acquisition and Technology Accountability and Security Act – The House Financial Services Committee is holding a hearing this afternoon about a draft bill that requires merchants, telecoms and some others to notify the public when they are hacked. But it exempts firms already covered under the Gramm-Leach-Bliley Act of 1999 which includes all banks and “other financial institutions”, including Equifax and the other big credit bureaus. Under GLBA, they do not have to provide breach notices, only breach response plans. It would also override and replace stronger requirements that many states already have in place.
“This bill is the worst of both worlds,” said Litt. “If these industries want a uniform standard, they could take the strongest state laws and apply them to all consumers across the country – they don’t need Congress for that. This is simply an attempt to set weaker laws as the ceiling for what states can do to protect consumers.”
H.R. 4028 – The “Promoting Responsible Oversight of Transactions and Examinations of Credit Technology Act of 2017” is also being discussed during a House Financial Services Committee hearing this afternoon. This bill includes a credit freeze provision that allows the credit bureaus to charge consumers $5 for each freeze, temporary lift, and removal.
Credit freezes are a commonsense tool that prevents new account identity theft that have been adopted nationwide. We, as consumers, shouldn’t have to pay to control or protect our financial information when we didn’t give them permission to collect it or sell it in the first place.
“A lot of people are talking about what a big week this is for banks. It’s also a big week for Equifax and the other credit bureaus,” said Litt. “When is Congress going to plan a big week for consumers?”
U.S. PIRG is the federation of state Public Interest Research Groups. PIRGs are non-profit, non-partisan public interest advocacy organizations that stand up to powerful interests whenever they threaten our health and safety, our financial security, or our right to fully participate in our democratic society. On the web at www.uspirg.org.