[BreachExchange] After Equifax breach, anger but no action in Congress

Richard Forno rforno at infowarrior.org
Mon Jan 1 10:25:06 EST 2018

After Equifax breach, anger but no action in Congress


The massive Equifax data breach, which compromised the identities of more than 145 million Americans, prompted a telling response from Congress: It did nothing.

Some industry leaders and lawmakers thought September’s revelation of the massive intrusion — which took place months after the credit reporting agency failed to act on a warning from the Homeland Security Department — might be the long-envisioned incident that prompted Congress to finally fix the country’s confusing and ineffectual data security laws.

Instead, the aftermath of the breach played out like a familiar script: white-hot, bipartisan outrage, followed by hearings and a flurry of proposals that went nowhere. As is often the case, Congress gradually shifted to other priorities — this time the most sweeping tax code overhaul in a generation, and another mad scramble to fund the federal government.

“It’s very frustrating,” said Rep. Jan Schakowsky of Illinois, the top Democrat on the House Energy and Commerce consumer protection subcommittee, who introduced legislation in the wake of the Equifax incident.

“Every time another shoe falls, I think, ‘Ah, this is it. This will get us galvanized and pull together and march in the same direction.’ Hasn’t happened yet,” said Sen. Tom Carper (D-Del.), a member of a broader Senate working group that has tinkered for years to come up with data breach legislation.

Every time lawmakers punt on the issue, critics say, they are leaving Americans more exposed to ruinous identity theft scams — and allowing companies to evade responsibility. With no sign that mammoth data breaches like the one at Equifax are abating, the situation is only growing more dire, according to cyberspecialists.

In the meantime, companies and consumers are left to navigate 48 different state-level standards that govern how companies must protect sensitive data and respond to data breaches. Companies say the varying rules are costly and time-consuming, while cyberspecialists and privacy hawks argue they do little to keep Americans’ data safe.

But while industry groups, security experts, privacy advocates and lawmakers of both parties agree that Congress must do something to unify these laws, no one has been able to agree on what that “something” should be.

< - >


More information about the BreachExchange mailing list