EXECUTIVE SUMMARY:

Senators Elizabeth Warren and Mark Warner introduced a bill today that would impose significant fines on credit agencies that suffer data breaches–and award half the collected fees to affected consumers.

The bill is a response to the major Equifax data breach from 2017, which compromised personally identifiable information of at least 145 million Americans. Given that credit agencies wield strong influence over many aspects of people’s lives, lawmakers want to give the FTC the authority to hold Equifax and its peers accountable, while compensating consumers who are impacted.

Tony Romm from Recode reports that part of the drive behind this bill is that despite intense hearings following Equifax’s massive data breach, no real penalties materialized. “Congress couldn’t even advance basic legislation that aimed to refund consumers who had to purchase credit freezes from the very credit-reporting agencies, like Equifax, that had been hacked,” writes Romm.

Had this new legislation been in effect when the Equifax data breach occurred, the agency would have had to pay about $1.5 billion to the FTC. Explains Romm, “That’s because their measure would allow the FTC to fine credit-reporting agencies $100 for each consumer whose personal information was stolen by a hacker — and an another $50 for each additional piece of personal information compromised per individual. Total fines would be capped based on a credit-reporting agency’s revenue, but could increase further if the likes of Equifax failed to follow basic cybersecurity practices.”

Read the full story at Recode.