Democratic lawmakers introduced a bill on Wednesday that establishes financial penalties on credit reporting agencies, like Equifax (NYSE:EFX), for each piece of consumer information that is compromised during a cyberattack.
Continue Reading Below
The Data Breach Prevention and Compensation Act, sponsored by Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.), would grant the Federal Trade Commission (FTC) the power to fine credit agencies $100 for every piece of consumer data illegally accessed by unauthorized third parties, tacking on $50, per consumer, for each additional data point revealed.
If an agency fails to fully comply with federal notification standards after a breach has occurred, the financial penalties would automatically double and increase to a maximum of 75% of the agency’s gross revenue. Many viewed Equifax’s response to its massive data breach, which compromised the personally identifiable information of more than 145 million Americans, as not only unpunctual, but also woefully inadequate: After discovering in late-July that millions of consumer accounts had been compromised, it failed to notify the public until Sept. 7.
“The big credit bureaus collect and sell vast amounts of your personal information without your permission and without your control … [This bill] will ensure that credit bureaus protect your information as if you actually mattered to them and it will both punish them and compensate you when they fail to do so," consumer advocacy group U.S. PIRG said in a statement.
Aside from the financial penalties on companies, the bill would also require the FTC to use 50% of the penalties it collected to compensate consumers.
Warren and Warner propose the establishment of an Office of Cybersecurity at the FTC to help the agency oversee security practices at credit reporting agencies and to help carry out all of these responsibilities.
The bill is not the first introduced by Wall Street firebrand Warren in the wake of the Equifax breach. The first has not yet made it to the Senate floor.
Equifax declined to comment directly on the new legislation, redirecting FOX Business’ request to a third party organization representing all three credit agencies.