Everyone have to recognize one basic fact. WE are not the customers of Equifax, Experian, or TransUnion. That’s right- banks, credit cards, finance companies, employers- these are the customers of those agencies. But, the credit reporting firms feel that they have no obligation to keep our information- stuff we NEVER authorized them to collect- secure.
It’s why I advocate everyone joining a class action suit against Equifax. (Don’t expect to get a financial windfall from these lawsuits. They are the picnic table for lawyers and sharks, not for us consumers. No, the lawsuits should lead to the development of standards, so that responsibility will be clearly defined- and so, maybe, such breaches will never recur.) Right now, there are some 50 proposed class action lawsuits against Equifax.
And, don’t think it’s just Equifax. Experian had a breach two years ago, where they allowed 15 million T-Mobile customers’ data to be released in the wild. And, when that happened, folks were calling for free credit freezes and controls. But, the bureaus claimed that would be a terrible precedent and won’t solve any problems. BS! Their continued laxity led to this second, more widespread, breach.
Since we’ve never authorized these bureaus to collect our data, we have no relationship with them. We shouldn’t need to do one darned thing to ensure that their unauthorized collection of our data is secure.
Here’s the problem. Not only does Equifax collect our credit history- they also collect our payroll history. (They offer this service- our credit history and previous salary history to clients- at a fee!) They scrub social media to collect other private data of ours. And, then they sell that data- our data, our personal history- without our permission. Consider that Equifax grossed more than $ 3 billion last year selling our data.
And, Congress (back when it almost had a backbone) knew there was a problem with these companies back in the late 1960’s. You don’t have to take my word for it- look up the history of the Fair Credit Reporting Act of 1970. The problem is that was as far as it went.
Given our limited rights and the damage that Equifax has perpetrated, I’ve already discussed the basic protection steps we can take. Oh, wait, they really aren’t protection steps- since our data is already loose on the web. They are only small steps that can barely mitigate the harm that Equifax did to us.
For real protection, instead of a credit freeze that we may request, the system should be turned on its head. Equifax, Experian, TransUnion should be required to contact us each and every time some entity wants our credit information. And, can only release that data if we say yes. With fines and penalties imposed should our credit data is released without our prior permission. Sure, that can slow down the approvals for our credit vehicles. And, it also means that the credit bureaus can’t sell our data to firms who then fill our mailboxes with offers for new credit cards. Another small loss. (NOT!)
We need to have the laws changed. We need to retain the rights to our personal data. It is NOT the data of the credit bureaus- it is OUR data they are mercantiling every which way to hell. And, despite the claims to the contrary, there are no good intentions on this pathway to hell.
For example, Summit Credit Union (Madison, WI) is suing Equifax for damages. Why? Because they are going to have to have reissue new credit cards and cancel old ones as a result of this Equifax breach. Plus, the credit union is going to have to eat a bunch of fraudulent charges. (As required by current law, banks and credit cards can’t charge consumers when a purchase has been made fraudulently. And, that becomes the credit issuer’s loss.)
This is not a novel development, either. Target had to shell out almost $ 40 million to banks and credit unions when they were hacked in 2013. Oh, the issuers of Visa cards collected almost $ 70 million in damages. (Target consumers only got $ 10 million. Obviously, we consumers don’t count very much.)
Maybe- if the GOP fails in its other crusade- to strip the Consumer Financial Protection Bureau (CFPB) of its powers- the CFPB will stipulate that the data that credit bureaus collect is, indeed, ours. And, the bureaus will have to obtain our prior permission before they divulge any aspects of our lives.
By the way, in an effort to stave off the regulatory response that may ensue to protect consumers, Equifax fired their CEO (with a not-too-shabby $ 18 million parachute) and now promises by 1 February 2018 to offer us a service (their words, not mine) that should have been the norm decades ago. For no fee, we will be able to preclude anyone from accessing our EQUIFAX (yes, we need this service to be free from Transunion and Experian, too) credit history without our permission. We will have to lock our history- and unlock it (but I’m guessing that will be for everyone- not just the entity from whom we want credit)- and lock it again, when our credit app is complete. I want there to be a regulation- one that will cover all the agencies and have penalties for their failure to adhere to it. (You know there are no penalties if it’s their own policy.)