Click here for video of the hearing.
WASHINGTON – During a Senate Commerce, Science, and Transportation Committee hearing today, Senator Maggie Hassan questioned former and current Equifax executives about protecting consumer data and the company’s responsibility to adequately notify consumers of and remediate the damage from data breaches like the one Equifax recently experienced.
Senator Hassan asked Interim Equifax CEO Paulino do Rego Barros, Jr. and former Equifax CEO Richard Smith what they consider when determining whether to notify and remediate the damage done to consumers from data breaches. When Mr. Smith said they “took very seriously the state requirements,” Senator Hassan called attention to the fact that those state laws are the minimum action required, and pressed him on what Equifax is doing beyond that. The witnesses declined to specify what proactive steps Equifax has taken to respond to consumer data breaches.
Senator Hassan also questioned Mr. Barros on the difference between credit “freezes” versus credit “locks” as a means of protecting consumers from identity fraud. Equifax is encouraging consumers to use a credit lock instead of credit freeze, and Mr. Barros claimed during the hearing that there is no difference between a credit freeze and a credit lock. Senator Hassan disputed that characterization, and experts including Consumer Reports have pointed out that credit freezes offer better protections to consumers against fraud. The Senator also stated her intention to follow up with Mr. Barros on the levels of fees Equifax may be charging for these types of services in the wake of its massive data breach.
Following the Equifax breach, Senator Hassan joined a group of her colleagues in calling for the Federal Trade Commission (FTC) to immediately review data security not only at Equifax, but also at the other two major consumer reporting agencies, Experian and TransUnion. She also called on the FTC to outline specific actions being taken to ensure that consumers do not fall victim to additional attacks on their personal information.
###