Equifax’s 2017 Breach – Can we Legislate Cybersecurity?

Equifax’s mishandling of its data breach in 2017 will have consequences, not only for its customers but for all CRAs (Credit Reporting Agencies) in the US. All consumers need to be aware of their personal data and what they can do to safeguard it. The question is whether the government can legislate penalties to ensure safety. Most agree that something needs to be done so that a breach of this magnitude, and this degree of mishandling, does not occur again.

There are two pieces of legislation currently making their way through Congress; both are directly related to Equifax’s 2017 breach, which compromised as many as 143 million records.

1. The Data Breach Prevention and Compensation Act

The first piece of legislation is the Data Breach Prevention and Compensation Act, created by Elizabeth Warren (D-MA) and Mark Warner (D-VA). It proposes that a new Office of Cyber Security be opened under the Federal Trade Commission to oversee CRAs. The new office would conduct annual inspections and be responsible for regulating CRAs’ adherence to data security guidelines.

The legislation would impose mandatory penalties for consumer data breaches, starting at $100 for each piece of data breached and increasing by $50 for each additional piece of data breached. The maximum penalty would be up to 50% of the CRA’s gross revenue for the previous year. Additionally, the bill would allow the FTC to allot 50% of the penalty to compensate consumers. If the CRA in question is found not to have adhered adequately to cybersecurity guidelines, or if it fails to notify the FTC of a breach within 10 days, per-record penalties would double and the maximum penalty would increase to 75% of the agency’s gross revenue for the prior year.

Senator Warren said, “The financial incentives here are all out of whack – Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach.”

Many consumer groups and cybersecurity experts are expressing support for the new legislation, including the Consumer Protection and Privacy at Consumer Federation of America, U.S. Public Interest Research Group (PIRG), and the Electronic Privacy Information Center.

2. The Freedom from Equifax Exploitation (FREE) Act

The second piece of legislation, The Freedom from Equifax Exploitation (FREE) Act, introduced in September 2017, is much smaller and more concise. The bill aims, in part, to prevent CRAs from profiting from consumer information during a breach by restricting the sale of consumer information under a credit freeze. It would also require CRAs to provide procedures for lifting a credit freeze at no charge to the consumer, along with a variety of provisions for fraud alerts.

The clear message to businesses in general: be responsible in your cybersecurity efforts. The government is lagging behind the industry in legislating a solution for safeguarding the public, but it will soon catch up.
