Bloomberg BNA: Massive Equifax Breach May Finally Push Congress to Address Notice

September 8, 2017
In The News

(BNA) -- A massive cyberattack against Equifax Inc. that affected almost half of the U.S. population may push Congress to pass a national data breach notification law, cybersecurity professionals and attorneys told Bloomberg BNA today.

Companies facing a data breach now must deal with the separate breach notification laws in 48 states and the District of Columbia. Bills to create a single federal data breach notice standard to preempt the state law patchwork have been introduced without success in every Congress since 2003, with interest peaking after major breach events. Whether the Equifax breach will spark a different result remains to be seen but a quick fix is unlikely.

U.S. credit bureau Equifax announced yesterday that it discovered a large-scale data breach July 29 that affected 143 million consumers. Equifax raked in $3.15 billion in fiscal year 2016 revenue, Bloomberg data show. The credit bureau gained $2.29 billion or 72.8 percent of its 2016 revenue from U.S. sources, the data show.

After the Target Corp. 2013 breach, Sony Pictures Entertainment Inc. 2014 breach, and Home Depot Inc. 2014 breach, lawmakers and industry stakeholders pushed for a national data breach notification standard to relieve corporate compliance burdens and provide clarity to consumers. Congress held hearings on the breaches and new legislation was introduced each time.

The Equifax data breach is eliciting a similar response from Congress.

Soon after Equifax’s disclosure of the breach, lawmakers on both sides of the aisle in the House and Senate reignited the debate on whether to adopt a single national data breach notification law. House Majority Leader Kevin McCarthy (R-Calif.), Reps. Maxine Waters (D-Calif.) and Ted Lieu (D-Calif.), and Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.), all made public statements in support of a national data breach notice standard and further cybersecurity legislation.

The U.S. will eventually “reach a tipping point” where the size of a data breach, consumer’s response to the incident, the “political will” of lawmakers, and corporate interests will intersect to effectuate a national standard, Evan Wolff, privacy and cybersecurity partner at Crowell & Moring LLP in Washington, told Bloomberg BNA today. But a quick legislative result based on the Equifax breach is unlikely, he said.Representatives for Equifax didn’t immediately respond to Bloomberg BNA’s email request for comments.