Mobile Menu - OpenMobile Menu - Closed

Hearing Recap: Subcommittee on Economic and Consumer Policy Examined Improving Cybersecurity at Consumer Reporting Agencies

Mar 27, 2019
Press Release

Washington, D.C. (Mar. 27, 2019)— This week, the Subcommittee on Economic and Consumer Policy, chaired by Rep. Raja Krishnamoorthi, held a hearing on “Improving Cybersecurity at Consumer Reporting Agencies.

TAKEAWAYS & BACKGROUND

  • Consumer Reporting Agencies (CRAs) possess troves of highly sensitive personal information about nearly every American.  They collect information about consumers from businesses, package it into credit reports, and then sell the credit reports to third parties for use in making financial determinations.

 

  • CRAs are at high risk of attack from hackers.  The Equifax data breach highlighted the full extent of that risk when cyber-thieves gained access to the personal information, including Social Security Numbers, of 147.9 million people.

 

  • Without government regulation, the free market will not improve the data security practices of CRAs, because consumers have no say in whether or not CRAs collect their personal data and how well they protect it.

 

  • Federal regulators do not have the tools they need to incentivize better data security at CRAs.  The Federal Trade Commission (FTC) requires CRAs to implement reasonable safeguards to protect consumer information, but cannot seek a penalty when a company violates their rules.

 

  • Both the independent Government Accountability Office (GAO) and the FTC testified that federal regulators need additional tools to improve data security at CRAs.  And both strongly support Congressional action to allow FTC to penalize CRAs that fail to protect consumer information.  FTC penalty authority will deter CRAs from future bad acts.

 

  • While discussing its report on consumer data protection by CRAs, released earlier this week by Chairman Elijah E. Cummings and Senator Elizabeth Warren, the GAO highlighted the need for the Consumer Financial Protection Bureau to continue to monitor CRAs’ data security through their supervisory examination power.

 

WITNESSES

Andrew Smith

Director, Bureau of Consumer Protection

Federal Trade Commission

Michael Clements

Director, Financial Markets and Community Investment

Government Accountability Office

Mike Litt

Consumer Campaigns Director

U.S. PIRG

Jennifer Huddleston

Research Fellow

Mercatus Center at George Mason University

 

Videos

Watch Chairman Krishnamoorthi’s opening statement.

Watch Rep. Pressley’s question line. 

116th Congress