The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Senate Banking Bill Would Make Credit Freezes Free



The Senate is expected to approve a banking bill next week that includes a provision which would make credit report freezes free.

Consumers, understandably, had several reasons to be angry following last year's Equifax data breach.

The fact that 147.9 million people had their personal information exposed by the breach was maddening enough but in the breach’s aftermath, the idea that in order to protect their data individuals were encouraged to freeze their credit - a process that can cost $5 to $10 per credit reporting agency - felt like a lesson in irony.

Those days of paying agencies may soon be a thing of the past however.

The Wall Street Journal said Thursday the Senate is planning to approve a bipartisan agreement next week that would let consumers freeze access to their own credit data without paying a fee.

The agreement, part of a larger banking bill, would help set a national standard for credit freezes. Most states allow credit reporting firms like Equifax, Experian, and TransUnion to charge for freezes unless the individual was a victim of identity theft.

Only eight states, Indiana, Maine, Colorado, Maryland, New Jersey, New York, North Carolina, South Carolina, and the District of Columbia, waive the charge, regardless of whether or not an individual has been a victim of identity theft.

The agreement will prohibit agencies from charging fees both to freeze data and reinstate credit data access, the report claims.

The act is part of the Economic Growth, Regulatory Relief and Consumer Protection Act aka S. 2155, a bank deregulation bill scheduled for a vote on Tuesday. It’s currently backed by Republican leadership and 13 Senate Democrats, including Sen. Mark Warner (D-VA) – who with Elizabeth Warren (D-Mass.) – introduced a bill in January designed to penalize credit reporting agencies hit by data breaches.

Warner expressed his support for the bill in a series of tweets on Thursday afternoon and told the WSJ he wished the legislation did more to crack down on firms that handle sensitive data like Equifax.

“They have all of our personal information,” Mr. Warner told the publication. “And there are not clear standards and clear penalties.”

The Consumer Data Industry Association, a trade group that represents credit reporting agencies, said this week that its members support efforts to set up a national data breach notification, along with the language around credit freezes in the PROTECT Act of 2017, a similar act that would create a national framework for credit freezes so victims of identity theft, active military personnel, people over 65 years of age, and children are protected.

Francis Creigton, the CDIA’s President and CEO testified at a U.S. House Committee on Financial Services hearing Wednesday (.PDF) and said that implementing an agreement could help alleviate “consumer confusion on how to place a freeze and reduce administrative costs by having a single standard for compliance.”

U.S. PIRG, The Federation Of State Public Interest Research Groups, warned Wednesday the bill, if passed, could theoretically let credit bureaus charge consumers for temporary lifts.

"It also does not require passwords or PINs for removing freezes. This could make it easier for identity thieves to remove freezes on your credit reports and apply for credit in your name," the group warned.

Lost in the shuffle around news of last year's breach, which spilled Americans' names, Social Security numbers, birth dates, addresses, and some driver's license numbers, was the sheer amount of confusion around credit freezes.

Following the breach's announcement Equifax encouraged concerned customers to place a credit freeze on their account to minimize the risk of someone opening a new line of credit with their information. In order to request a freeze however, the credit reporting agency charged customers. The company did an about face 12 days later and refunded money individuals paid for freezes, the mere fact it was charging victims after the company had suffered a breach didn't sit well with many Americans.

The agency said at the end of January it would waive the fee for credit freezes to June 30, an extension from its original January 31 date, but now it appears it could extend that deadline in perpetuity.

Chris Brook

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.