WASHINGTON — Prospects are good for a public shaming in the Equifax data breach, but it’s unlikely Congress will institute sweeping new regulations after hackers accessed the personal information of an estimated 143 million Americans.
Since early this year, President Trump and the Republican-led Congress have strived to curb government’s influence on businesses, arguing that regulations stifle economic growth. Lawmakers have repealed more than a dozen Obama-era rules and the House voted in June to roll back much of Dodd-Frank, the landmark banking law created after the 2008 economic crisis that was designed to prevent future meltdowns.
Several bills unveiled after Equifax are so far missing a key ingredient for success: Republican co-sponsors.
And most important, there is history. Despite numerous high-profile security breaches over the past decade at companies such as Target, Yahoo, Neiman Marcus and Home Depot, legislation that would toughen standards for storing customer data has failed to gain traction.
Jessica Rich, a vice president at Consumer Reports, said she has questioned over the years what event it would take for lawmakers to impose tougher data security regulations.
“I’m hoping this is the final wake-up call for Congress,” Rich said.
Consumer advocacy groups seek legislation that would enhance the standards for companies that store consumer data and require prompt notification to affected Americans when breaches do occur. They also seek tough civil penalties for those who break the law. But, so far, Congress has opted to let states handle the issue.
Business groups are also worried that federal regulation will stifle innovation.
“When it comes to security, attempts to regulate today will become outdated tomorrow,” said a new report from the U.S. Chamber of Commerce.
Senate and House Republicans say they are in fact-gathering mode before moving on any legislation. Hearings are scheduled the first week in October, with Equifax Chairman and CEO Richard Smith slated to testify – and likely to get a public thrashing from lawmakers.
Rep. Greg Walden, the Republican chairman of the House Energy and Commerce Committee, said he’s not ruling out new regulations as a result of the data breach at the credit agency, “but first we’ve got to get the facts.”
Democrats have introduced several bills. One would require credit reporting companies to place a freeze on a consumer’s credit report without charge if that company is hacked. Currently, all 50 states have laws allowing consumers to place a security freeze on their credit report, but the freeze often comes with a fee.
Chi Chi Wu, an attorney at the National Consumer Law Center, said such freezes are the single most important step consumers can take to prevent new accounts from being opened in their name.
Democrats are also using the Equifax breach to reprise more longstanding concerns about the work of credit reporting companies like Equifax, Experian and TransUnion.
Rep. Steve Cohen of Tennessee and 30 Democratic co-sponsors are backing legislation that would protect prospective employees from being forced to disclose their credit history as part of a job application process.
Wu said credit checks are used as warning flags about potential employees.
“A lot of people have impaired credit, black marks on their credit report because something bad happened to them,” Wu said. “It was not because they were bad or irresponsible people. They were unlucky.”
Meanwhile, Rep. Maxine Waters, D-Calif., is taking another crack at legislation designed to help consumers correct entries in their credit report.
Under her bill, creditors who send negative information to a reporting agency must also give a heads-up to the consumer. Credit reporting companies would also have to dedicate sufficient resources to handling consumers’ appeals.
The appeals staff would have to meet minimum training and certification requirements.
Waters’ bill would also reduce the time that most adverse credit information may remain on reports from seven to four years.