Equifax’s recent data breach compromised the personal information of hundreds of millions of people. In response, Senators Richard Blumenthal (D-Conn.), Edward Markey (D-Mass.), Sheldon Whitehouse (D-R.I.), and Al Franken (D-Minn.) introduced the Data Broker Accountability and Transparency Act to hold the data broker industry responsible for the privacy and security of the personal data it collects about consumers.
By now you’re probably familiar with the Equifax hack, but here’s a quick refresher: The names, addresses, and Social Security numbers of 143 million people were compromised in May because of an Apache Struts vulnerability. A patch was released in March, but Equifax never used it, and that led to this data breach. The company has also come under fire for its protective service’s arbitration clause.
Unlike other data breaches, which typically reveal information about people who sign up for the affected services, this hack endangered hundreds of millions of people who probably had no idea Equifax was even a thing. Consumers are the company’s product, not its customers. That means 143 million people who unwittingly gave their data to Equifax now have to live with the fear of having their identity stolen or finances drained.
That’s why these Democratic senators introduced the Data Broker Accountability and Transparency Act. Here’s what they want the act to achieve:
The Data Broker Accountability and Transparency Act allows consumers to access and correct their information to help ensure maximum accuracy. The legislation also provides consumers with the right to stop data brokers from using, sharing, or selling their personal information for marketing purposes. The bill additionally requires data brokers to develop comprehensive privacy and data security programs and to provide reasonable notice in the case of breaches. The legislation empowers the Federal Trade Commission (FTC) to enforce the law and promulgate rules within one year, including rules necessary to establish a centralized website for consumers to view a list of covered data brokers and information regarding consumer rights.
All of those changes would stop companies like Equifax from being a black box into which their customers—and anyone smart enough to exploit a months-old vulnerability or guess the world’s worst username / password combo—can peer. The data held by these businesses has a significant effect on people’s lives, whether it’s because companies base financial decisions on this data or because its theft puts them at risk of fraud.
Just to drive the point home: Nearly half of Americans now have to wonder for the rest of their lives whether a company that gathered their personal data without their knowledge or consent didn’t take basic security precautions. This bill, which you can read in its entirety here, could help change that. That won’t do much to help people affected by the Equifax breach, but maybe it will help prevent a similar episode from occurring again.