January 10, 2018

Bill would impose fines on credit reporting agencies over data breaches

Sens. Elizabeth Warren, D-Mass., and Mark Warner, D-Va. – both members of the Senate Banking Committee – introduced a bill Wednesday that would create penalties for data breaches occurring at credit reporting agencies in light of last year's massive Equifax data breach.

The Data Breach Prevention and Compensation Act would set $100 fines for each consumer whose personal information is compromised in a credit reporting agency data breach and another $50 per person for each additional piece of identifiable information that's disclosed. The bill would cap the penalties at 50 percent of the credit reporting agencies' gross revenue from the prior year – except in extreme cases of negligence in which the penalties can go up to 75 percent of their prior year's gross revenue.

NAFCU has been a leading advocate for national data security standards that hold all entities that handle personal financial data – including credit reporting agencies – to the same standards as credit unions and other depository institutions. The association has repeatedly called for action to ensure that credit unions do not bear the cost of negligent data practices by any entity.

According to a NAFCU Economic & CU Monitor survey on cybersecurity released in November, 63 percent of respondents indicated they are "very concerned" about another Equifax-type data breach. The Equifax data breach revealed the personal financial information of more than 145 million Americans.

The bill introduced by Warner and Warren would also create an Office of Cybersecurity at the Federal Trade Commission and would give the commission the authority to write new regulations on data security standards.