Posts tagged ‘Equifax data breach’

Gillibrand Proposes Data Protection Agency

Data protection is the legislative equivalent of the weather: everyone talks about it but no one does anything about it. So I was pleased to see that Senator Gillibrand unveiled a bold proposal yesterday to create a Data Protection Agency.

As of ten minutes ago the text of the bill was not yet available online but, according to her press release the DPA’s core responsibilities would be giving Americans greater control of their own data by creating and enforcing data protection rules—ensuring fair competition “within the digital marketplace” and preparing America for the Digital Age by advising Congress on emerging privacy and technical issues. This last proposal is a bit unsettling since I kind of thought that Congress knew we were already in the Digital Age and was reading up about it.

You don’t have to be Nostradamus to figure out that the agency would promulgate a California/European regulatory regime on companies and crackdown on potentially anti-competitive practices of Facebook, Google and Amazon. It would be overseen by a Director serving a five year term.

Now it’s way too early to say whether this is a good or bad idea. But let’s be honest, given the current political divide in Congress, this proposal has as much chance of becoming law any time soon as Donald Trump does of giving up tweeting for Lent. But in the eight years since U.S. Attorney for the Southern District in New York, Preet Bharara, warned of a WWII style cyber-attack against this country, the situation has only gotten worse, not better. We’ve grown so used to the idea of cyber breaches that news that the Chinese government stole personally identifiable information from almost half of America’s citizens is met with a shrug. Anything that wakes us up and gets us talking about taking on data protection issues on a national level is a step in the right direction even if some of the specifics need to be refined.

On that note, enjoy your Presidents’ Day Weekend. I will be back on Tuesday.

February 14, 2020 at 9:09 am Leave a comment

Are The Stars Aligning for Sensible Data Privacy Reform?

That’s the question I have been asking myself lately and I am cautiously optimistic that the answer is yes.

First there is Banking Chairman Mike Crapo’s list of his key priorities to this legislative session. Right after housing reform (more on that in future blogs) and further reforms to capital markets comes data protection, privacy and security. Courtesy of our good friends at Facebook, Russian hackers and massive data breaches such as that which occurred with Equifax, the American public has woken up to the dangers of unregulated data markets and poorly protected personal information.

Why is this important? Because for too long this debate has been framed as one between merchants who don’t think they should be subject to increased data security requirements and credit unions and banks which correctly argue that the current system imposes baseline federal and state data security standards on them which unregulated businesses simply undermine due to their lax in security standards.

In addition, this is a concern that is crossing party lines. Facebook’s image as the hip kid on the block has taken a huge hit not only because of the Russian campaign scandal but because of its hardball tactics employed against competitors who dare to criticize their business model.

Bottom-line: This is one of the few areas where we might be able to forge bipartisan support. Expect one of the big sticking points to be preemption. To me it makes sense to have a unified set of baseline data security standards and notification requirements but in talking to congressional staffers last year it’s safe to say that some in the House of Representatives vehemently disagree with this approach. They point to the cyber security regulations imposed on state chartered institutions in New York as an example of the type of regulations that shouldn’t be blocked by federal law.

Finally, recent rulings dealing with the Equifax data breach demonstrate why one of the issues that both state and federal legislators have to take a look at is standing. Before you can sue someone you have to demonstrate you are harmed by their actions. Although many litigants were recently allowed to continue their lawsuits against Equifax, the same Georgia court also ruled that only financial institutions which issued compromised cards that had to be replaced or which resulted in fraudulent transactions could demonstrate actual harm. (IN RE EQUIFAX, INC., CUSTOMER DATA SECURITY BREACH LITIGATIONMDL DOCKET NO. 2800 1:17-md-2800-TWT) The problem with this standard is that it does not adequately account for the harm done to banks and consumers simply by the fear that their compromised personal information may be used against them at a future time.

On that note, stay warm and enjoy the rest of your day.


January 31, 2019 at 9:29 am Leave a comment

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 653 other followers