We’ll be observing the effects for “quite a hundred years until everybody is dead that was revealed by this breach,” said Paul Stephens, director of policy and support at the Privacy Rights Clearinghouse.
Lawmakers are now looking to capitalize on customer outrage by working to pass bills that would make Equifax and other businesses like it more accountable to regular people like you and me, whose data they collect for profit. Right now, your right to learn about the theft of your data and your ability to freeze your credit report depend on the state you live in. Lawmakers aim to create federal laws that expand your rights and make them the same no matter where you live in the US.
But there’s a catch: Any advances will be incremental.
The bills are concentrated on single issues, and they don’t let you stop credit reporting agencies or anyone else from collecting your data in the first place. So if we’re lucky, our retirement may improve in the wake of the Equifax breach. But just a little.
Let’s start with where things stand. At present, federal law requires organizations to tell you only about data breaches that affect particular healthcare information about you. In the case of financial data, only publicly traded organizations must tell you when hackers steal individually identifiable data. The rest of your rights come from state laws, which vary. A lot.
One of the federal bills would mandate that organizations notify you within 30 days for breaches that affect your Social Security number, email login data, and other sensitive data. The other bill would freeze your account for free indefinitely, something that isn’t currently a federal legal requirement.
If either bill passes, it would be the broadest federal regulation of its kind regarding your rights in the wake of a data breach.