Barton, DeGette ask Equifax for further info on consumer protection

f t # e
Washington, October 11, 2017 | comments
Privacy Caucus Co-Chairs Seek Information from Equifax Interim CEO on Further Steps to be Taken They Ask How and Why the Company Determined Remedies for Data Breach Victims, and What More Can Be Done
share: f t

Washington, DC – The co-chairs of the Congressional Privacy Caucus, Rep. Joe Barton (R-TX) and Rep. Diana DeGette (D-CO), today sent a letter to Equifax Interim CEO Paulino do Rego Barros Jr. requesting information on any additional programs that his company plans to implement to assist the 145 million people whose data was compromised in the breach that was disclosed last month.

“It is important to understand Equifax’s decision-making process regarding consumer remedies given the historic size of the breach,” the letter said, “… and the potential decades-long effects of stolen personal information on the privacy and financial security of breach victims.” 

Noting that there is no national standard for the types of remedies that should be offered to people whose data has been compromised, the two legislators recommended that Equifax consider the steps taken by the Office of Personnel Management after federal employees’ data was compromised in 2015, such as credit and financial monitoring, dark web monitoring, public records monitoring and stolen funds reimbursement.

They asked the company to provide written responses to these questions:

1.      How did Equifax come to determine which remedies would be offered to consumers? Specifically, did Equifax consult any outside groups on the efficacy of consumer remedies or were all decisions made internally?

2.      In addition to the aforementioned remedies, what other options did Equifax consider for consumer remedies?

3.      When deciding what to offer consumers, did Equifax assess the costs associated with each remedy considered? If yes, were any remedies ultimately decided against, or offered for a limited period of time, due to cost?

4.      Will Equifax periodically review its offerings should new information on the efficacy of existing and future remedies become available? If not, why?

5.      Testimony before the Oversight and Investigations Subcommittee of the Energy and Commerce Committee in March 2015 has outlined the limited effectiveness of services such as credit monitoring. Were you aware of these shortcomings? If yes, to what degree did that information inform your decision-making in what remedies to offer?

Complete text of the letter is below.

 

 

                                                                                October 11, 2017

 

Paulino do Rego Barros Jr

Interim CEO, Equifax Inc.

1550 Peachtree Street NE

Atlanta, GA 30309

 

Dear Mr. Barros,

 

We are writing to request more information regarding the post breach remedies Equifax will make available to affected individuals as a result of the data breach that was disclosed on September 7, 2017.   It is important to understand Equifax’s decision-making process regarding consumer remedies given the historic size of the breach of 145 million customer files and the potential decades-long effects of stolen personal information on the privacy and financial security of breach victims.

 

While there is no national standard for the types of remedies that should be offered to individuals whose data has been compromised, the remedies offered by the federal government in the wake of the Office of Personnel Management (OPM) breach are instructive.  Following that breach in 2015, the federal government provided credit and financial monitoring, dark web monitoring, public records monitoring (e.g. court records, sex offender registries, payday loans), stolen funds reimbursement, $5 million in identity theft insurance, and concierge-style ID Care Specialists.

 

According to testimony from your former CEO to the Energy and Commerce Committee on October 3, 2017, Equifax’s suite of customer remedies includes “1) credit file monitoring by all three credit bureaus; 2) Equifax credit lock; 3) Equifax credit reports; 4) identity theft insurance; and 5) Social Security Number “dark web” scanning for one year,” all of which will be offered free of charge.

 

We ask Equifax to provide written responses to the following questions:

 

1.      How did Equifax come to determine which remedies would be offered to consumers? Specifically, did Equifax consult any outside groups on the efficacy of consumer remedies or were all decisions made internally?

 

2.      In addition to the aforementioned remedies, what other options did Equifax consider for consumer remedies?

 

3.      When deciding what to offer consumers, did Equifax assess the costs associated with each remedy considered? If yes, were any remedies ultimately decided against, or offered for a limited period of time, due to cost?

 

4.      Will Equifax periodically review its offerings should new information on the efficacy of existing and future remedies become available? If not, why?

 

5.      Testimony before the Oversight and Investigations Subcommittee of the Energy and Commerce Committee in March 2015 has outlined the limited effectiveness of services such as credit monitoring. Were you aware of these shortcomings? If yes, to what degree did that information inform your decision-making in what remedies to offer?

 

Please provide a response no later than November 3, 2017. Thank you for your attention to this important matter.

 

 

Sincerely,

f t # e

Stay Connected

Use the form below to sign up for my newsletter and get the latest news and updates directly to your inbox.