Citing Equifax data breach, one state cracks down on credit-reporting agencies

Written by |
Advertisement

Three months after the Equifax data breach, in which as many as 145.5 million Americans had their personal information exposed, we are seeing the first real responses from attorneys representing American consumers. The state of New York this week moved to tighten consumer protections by announcing new regulations governing how credit-reporting agencies communicate cybersecurity breaches to consumers.

Equifax’s breach not only enormously damaged the reputation of the Atlanta-based firm, but also turned the spotlight on major credit agencies TransUnion and Experian, which are major cogs of the lending industry.

New York Governor Andrew Cuomo said Tuesday that “Consumer credit reporting agencies have a duty to deal fairly and honestly with all consumers, and here in New York, we will ensure the best protections are available to any victim of deceit.”

New York moves to strengthen consumer protections in wake of Equifax breach

In a statement, Cuomo added: “The current status quo of allowing consumers to be penalized for having their data breached is unacceptable, and with the addition of these new protections, this administration will hold agencies accountable and help protect New Yorkers and their financial future.”

The new rules, which will no doubt set a precedent that other states may well follow, go into effect immediately, courtesy of an emergency order. Here are what the new regulations do to protect consumers:

  • Require consumer credit-reporting agencies to identify “dedicated points of contact” for New York’s Division of Consumer Protection so that consumers there can promptly get the answers they need regarding their personal information
  • Mandate that the agencies respond in a timely manner — “within 10 days” — to any requests for information made on behalf of consumers by the Division of Consumer Protection
  • Stipulate that the agencies “plainly disclose” to consumers all fees associated with any identity theft protection product sold or purchased, “including when those products are originally offered for ‘free’
  • Require the agencies to disclose to New York’s Division of Consumer Protection all business relationships and contracts with companies involved in marketing credit monitoring services and related products.

Months after the Equifax data breach, companies and local governments are starting to get serious about cybersecurity.

“Technology and cybersecurity issues are the single most significant existential risk that businesses face,” Gerry Czarnecki, who heads a governance consulting firm called Deltennium Group, told the Wall Street Journal. “There’s the ability to bring organizations to their knees through a hack.”

To read the new regulations instituted in New York, click here.

Money expert Clark Howard says the No. 1 way to protect yourself from identity fraud is by freezing your credit.

Equifax breach: Get the latest info and advice all in one place

RELATED: Credit freeze guide: The best protection against identity theft

Advertisement

[anvplayer video=”4170900″ station=”998267″]

Advertisement