After Equifax breach, anger but no action in Congress

[Richard Forno <rforno () infowarrior org>]

After Equifax breach, anger but no action in Congress

By MARTIN MATISHAK

The massive Equifax data breach, which compromised the identities of more than 145 million Americans, prompted a 
telling response from Congress: It did nothing.

Some industry leaders and lawmakers thought September’s revelation of the massive intrusion — which took place months 
after the credit reporting agency failed to act on a warning from the Homeland Security Department — might be the 
long-envisioned incident that prompted Congress to finally fix the country’s confusing and ineffectual data security 
laws.

Instead, the aftermath of the breach played out like a familiar script: white-hot, bipartisan outrage, followed by 
hearings and a flurry of proposals that went nowhere. As is often the case, Congress gradually shifted to other 
priorities — this time the most sweeping tax code overhaul in a generation, and another mad scramble to fund the 
federal government.

“It’s very frustrating,” said Rep. Jan Schakowsky of Illinois, the top Democrat on the House Energy and Commerce 
consumer protection subcommittee, who introduced legislation in the wake of the Equifax incident.

“Every time another shoe falls, I think, ‘Ah, this is it. This will get us galvanized and pull together and march in 
the same direction.’ Hasn’t happened yet,” said Sen. Tom Carper (D-Del.), a member of a broader Senate working group 
that has tinkered for years to come up with data breach legislation.

Every time lawmakers punt on the issue, critics say, they are leaving Americans more exposed to ruinous identity theft 
scams — and allowing companies to evade responsibility. With no sign that mammoth data breaches like the one at Equifax 
are abating, the situation is only growing more dire, according to cyberspecialists.

In the meantime, companies and consumers are left to navigate 48 different state-level standards that govern how 
companies must protect sensitive data and respond to data breaches. Companies say the varying rules are costly and 
time-consuming, while cyberspecialists and privacy hawks argue they do little to keep Americans’ data safe.

But while industry groups, security experts, privacy advocates and lawmakers of both parties agree that Congress must 
do something to unify these laws, no one has been able to agree on what that “something” should be.

< - >

https://www.politico.com/story/2018/01/01/equifax-data-breach-congress-action-319631
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange