As it usually is after some major event that adversely affects anything, the politicians all come out with their “recommendations” for correction of the problem and ways to avoid it in the future. No, I am not talking about the horrific event in Vegas or gun control.
I’m referring to the data breach of consumer non-public personal information at Equifax. Now all the politicians come forward, on both sides of the aisle, saying there should be a law. Some dozen or so bills have been introduced on this issue. We need a watchdog over the three repositories and of course, that should be the federal government.
We have hearings, bills introduced, bi-partisan support, and a myriad of opinions and recommendations, all trying to do something to reign in these mega-entities who collect and store huge amounts of consumer private data. But wait…some say that ain’t enough.
“How do we make sure that the entire food chain and infrastructure of a credit reporting agency is secure and who has that responsibility?” asked Howard Tischler, CEO of EverSafe, a fraud prevention company. “The focus right now is on the credit reporting agencies but there have been 1,000 other known breaches this year, so shouldn’t [regulators] be looking at the broader issue of how do you regulate or prevent breaches?”
That translates into any company that may collect, house, report, or have any access to a consumer’s information. That could include just about every business, especially one that accepts credit cards. I understand the need for security but realistically how far does it go.
A Bill introduced by Rep McHenry (R/NC) proposes that the Federal Financial Institutions Examination Council (FFIEC) update its cybersecurity handbook to establish uniform standards that will include those that the repositories must follow. The bill also directs FFIEC to designate which agency should act as an examiner.
Interestingly, the CFPB, which Republicans are trying to defang, presently has the examination responsibility for the three repositories. They weren’t mentioned in McHenry’s Bill. Guess that may be the next battle…who gets oversight?
It may not matter as this may be like herding cats. With the constant advances in technology, the ink wouldn’t be dry on any new laws before some data breach would require amendments and new improved guidelines. As I’ve said before, build better security and they’ll build a better hacker.
Maybe it should be a very simple law that says that any entity that deals in consumer non-public personal information must employ adequate security measures to ensure that information is protected. As you can tell, I’m a pretty simple guy. I know, what would be the penalty if they don’t? What do you think it should be?
I’m for data security, my identity was hacked, and it ain’t an easy thing to go through.
I’m not sure how we address the quest for complete cybersecurity? Hopefully, those much wiser than I will find a way.
Until then it’s up to us to protect our personal information, and up to lenders to protect themselves against identity thieves, who will use the info to create fraudulent loans. It won’t be easy, but then again, anything worthwhile usually isn’t.
The game has changed. Play different. Lend carefully, my friends. LoanLogics can help…