October 17, 2017

Crapo Statement at Data Security Hearing

WASHINGTON – U.S. Senator Mike Crapo (R-Idaho), Chairman of the United States Senate Committee on Banking, Housing and Urban Affairs, today delivered the following remarks during a full committee hearing entitled: “Consumer Data Security and the Credit Bureaus.”

The text of Chairman Crapo’s remarks, as prepared, is below.

“The Committee will come to order.

“As a follow-up to our hearing on the Equifax data breach, today we will receive testimony on the protection of consumer data at credit bureaus.

“At the Equifax hearing, members expressed interest in better understanding how credit bureaus are regulated, how they protect consumer data, and whether there are gaps that Congress needs to fill.

“I have long been concerned about the ever increasing amounts of ‘big data’ collected by companies and the government.

“It is critical that personal data is protected, consumer impact in the event of a breach is minimized, and consumers’ ability to access credit is not harmed.

“Credit bureaus play a valuable role in our financial system by helping financial institutions assess a consumer’s ability to meet financial obligations, and also facilitating access to beneficial financial products and services. 

“The inherent nature of the credit bureau business, as with most businesses in this digital age, requires utmost data security measures to ensure that sensitive consumer information is safeguarded.

“Two weeks ago, Equifax testified about the methods it uses to protect its consumer databases, such as encryption at rest and tokenization.

“Former Equifax CEO Richard Smith noted that while some of Equifax’s databases are encrypted at rest, the dispute portal that was compromised was not.

“Questions remain about the best ways to protect sensitive data, including:

“Are there data security industry standards and best practices at credit bureaus?

“Should tools like encryption at rest be employed to protect all data containing sensitive consumer information?

“What role do financial institutions and federal agencies play in data security at credit bureaus?

“Given that credit bureaus are financial institutions under the Gramm-Leach-Bliley Act, how does data security, testing and oversight by regulators compare to that of traditional financial institutions?

“I look forward to hearing from our witnesses about what credit bureaus do to ensure security for the data they collect; who oversees credit bureaus to ensure they have adequate security measures in place; and what improvements could be made to the oversight of data security at credit bureaus.

“There are also many concerns regarding company response to data breaches.

“The Equifax breach has left more than 145 million consumers a bit confused as to what can be done to mitigate damage to their identities and credit. 

“We do know that starting in January, Equifax will offer all customers the ability to lock or unlock their credit files for free. 

“Additional products have also been offered from Equifax and the other credit bureaus for consumers to monitor or freeze their credit reports. 

“Many consumers remain confused about which options are best for them, but this hearing will hopefully provide some additional clarity. 

“We have a shared interest on this Committee in ensuring that credit bureaus take the necessary measures to safeguard personal data and minimize risk of another massive data breach.”