Advocates Seek Congressional Action on Credit Data Protection
Octavio Blanco
Consumer Reports has no financial relationship with advertisers on this site.
A number of advocacy groups, including Consumers Union, the policy and mobilization arm of Consumer Reports, are calling on Congress for quick legislative action following the massive Equifax hack this summer.
On Monday, Consumers Union sent a letter to Congress demanding that it take steps to protect consumer credit data and pass legislation that would require companies to adopt reasonable practices to ensure the security of such data.
Given how widespread the problem is, Consumers Union supports comprehensive reforms that would establish strong data breach security notification requirements and free credit freezes, create more transparency over the consumer reporting and credit-scoring process, and increase the accountability of those who develop credit-scoring models.
Other consumer advocates are also seeking tighter regulations on the industry. The National Consumer Law Center has also endorsed the Free Credit Freeze Act, introduced by Sen. Ron Wyden (D-Ore.), and the Freedom from Equifax Exploitation Act, introduced by Sen. Elizabeth Warren (D-Mass.).
“The most immediate concern is for Congress to enact a law giving consumers the right to free credit freeze,” says Chi Chi Wu, an NCLC staff attorney. “But on a broader level we’ve been advocating for wide reforms in the consumer credit reporting industry.”
The NCLC and Consumers Union back a bill for comprehensive credit reform introduced by Rep. Maxine Waters (D-Calif.); that bill seeks to enhance consumers’ credit reporting rights, create more transparency over the consumer reporting and credit-scoring process, and increase the accountability of those who develop credit-scoring models.
In Monday’s letter, Consumers Union outlined steps Congress should take to better protect consumers.
Strong data security and data breach notification requirements for companies. As part of stronger data breach requirements, Consumers Union recommends that Congress include tougher penalties on companies that violate security requirements.
“Although there are laws currently on the books, they contain many gaps and impose few if any sanctions for noncompliance,” the letter said.
It also said a national law should require that companies quickly inform people when their data has been breached. However, it stresses that any new federal law should not preempt strong state laws to protect consumers.
Wu agreed, saying that this was why advocates have not historically been in favor of national laws. Often they preempt stronger state laws.
But Consumers Union says many state-level laws aren’t muscular enough.
“Although data breach laws have been adopted in all but two states, these laws are inconsistent, and some offer insufficient protections. For example, many state laws have high thresholds for notice to consumers, or fail to define personal information broadly enough,” Consumers Union said.
Free security freezes and better access to fraud alerts for consumers. Consumers Union wrote that state security freeze laws vary too much. For example, not all states allow parents or guardians to place security freezes on a minor’s credit reports, and most states allow credit bureaus to charge fees to place or lift a freeze.
“Moreover, no states that we are aware of provide consumers the right to place a freeze on their specialty consumer reports,” Consumers Union said.
Specialty consumer reports contain information on consumers’ medical conditions, drug prescriptions, tenant history, employment, check writing, and insurance claims.
Stronger controls over the sensitive data that credit bureaus collect and use. “The Equifax breach illustrates the enormous range of information that credit bureaus collect about consumers—information that determines whether consumers get jobs, loans, insurance, phone service, cars, and many other services that are essential to daily life,” the advocates wrote.
To ensure that consumers are not denied these benefits based on flawed information, Consumers Union is calling on Congress to strengthen existing requirements governing credit report accuracy and fairness.
“Given the unprecedented level of data collection in today’s marketplace, and emergence of new privacy threats every day, now is the time to ensure that all Americans have the data protections they deserve,” the letter said. “Consumers Union looks forward to working with members of Congress, in a bipartisan fashion, to address these vital consumer protection issues.”
The letter was sent ahead of a busy week on Capitol Hill. There are at least four hearings related to Equifax currently scheduled, the first of which will take place at 10 a.m. Tuesday before the Digital Commerce and Consumer Protection Subcommittee of the House Committee on Energy and Commerce.
