The General Accountability Office (GAO) has recommended to Congress that that the Federal Trade Commission (FTC) be given the power to exact civil penalties on credit reporting agencies (CRA) that fail to secure their customer records
Here is an excerpt from a report in Reuters:
The Government Accountability Office also urged the Consumer Financial Protection Bureau (CFPB) to improve its oversight and supervision of such credit reporting agencies (CRAs).
Concerns over the security of consumer data, particularly with credit reporting companies, have loomed large since Equifax Inc’s massive data breach in 2017 that exposed the personal information of more than 143 million Americans in one of the largest hacks ever.
If the FTC had the power to fine such companies for violating data security provisions, that would boost consumer data security, given customers have few avenues to protect such sensitive information even after major data breaches, the GAO said.
Giving federal agencies greater oversight power, however, would run counter to the Republican Trump administration’s vows to reduce and curb federal regulations. “While companies in many industries have experienced data breaches, CRAs may present heightened risks because of the scope of sensitive information they possess,” GAO, an independent research arm of Congress, said in its February report.
[…]
U.S. House Oversight and Reform Committee Chairman Elijah Cummings and U.S. Senator Elizabeth Warren, the ranking Democrat on the Senate Banking panel’s consumer protection subcommittee and a presidential candidate for the party’s 2020 nomination, released the findings ahead of a congressional hearing on the issue.
“Vulnerabilities still exist,” they said in a statement. “We need to give the FTC more tools to crack down on consumer data abuses and the CFPB needs to do its job, hold these firms accountable, and protect consumers.”
