July 12, 2018

Crapo Statement at Hearing on Credit Bureaus

WASHINGTON – U.S. Senator Mike Crapo (R-Idaho), Chairman of the U.S. Senate Committee on Banking, Housing and Urban Affairs, delivered the following remarks at a hearing entitled “An Overview of the Credit Bureaus and the Fair Credit Reporting Act.”
The text of Chairman Crapo’s remarks, as prepared, is below.
“Today’s hearing is entitled ‘An Overview of the Credit Bureaus and the Fair Credit Reporting Act.’
“Credit bureaus play a valuable role in our financial system by helping financial institutions assess a consumer’s ability to meet financial obligations, and also facilitating access to beneficial financial products and services.
“Given this role, they have a lot of valuable personal information on consumers and therefore are targets of cyberattacks.
“Last year, Equifax experienced an unprecedented cybersecurity incident which compromised the personal data of over 145 million Americans.
“Following that event, the Banking Committee held two oversight hearings on the breach and consumer data protection at credit bureaus.
“The first hearing with the former Equifax CEO examined details surrounding the breach, while the second hearing with outside experts examined what improvements might be made surrounding credit reporting agencies and data security.
“This Committee also recently held a hearing on cybersecurity and risks to the financial services industry.
“These hearings demonstrated bipartisan concern about the Equifax data breach and the protection of consumers’ personally identifiable information, as well as support for specific legislative measures to address such concerns.
“Some of these were addressed in S. 2155, the Economic Growth, Regulatory Relief and Consumer Protection Act, which included meaningful consumer protections for consumers who become victims of fraud.
“For example, it provides consumers unlimited free credit freezes and unfreezes per year.
“It allows parents to turn on and off credit reporting for children under 18, and provides important protections for veterans and seniors.
“Last month, a New York Times article commenting on the bill noted that, ‘one helpful change… will allow consumers to ‘freeze’ their credit files at the three major credit reporting bureaus- without charge. Consumers can also ‘thaw’ their files, temporarily or permanently, without a fee.’
“Susan Grant, director of consumer protection and privacy at the Consumer Federation of America expressed support for these measures, calling them ‘a good thing.’
“Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, similarly noted that the freeze provision ‘has the potential to save consumers a lot of money.’
“But there is still an opportunity to see whether more should be done, and today’s hearing will help inform this Committee in this regard.
“Today, I look forward to learning more from the witnesses about: the scope of the Fair Credit Reporting Act and other relevant laws and regulations as they pertain to credit bureaus; the extent to which the Bureau of Consumer Financial Protection and the FTC, whom the two witnesses represent, oversee credit bureau data security and accuracy; the current state of data security, data accuracy, data breach policy, and dispute resolution processes at the credit bureaus; and what, if any, improvements could be made.
“States have begun to react in their own ways to various aspects of the public debate on privacy, data security, and the Equifax data breach.
“Two weeks ago, California enacted the California Consumer Privacy Act which will take effect on January 1, 2020.
“The Act, which applies to certain organizations conducting business in California, establishes a new privacy framework by creating new data privacy rights, imposing special rules for the collection of minors’ consumer data, and creating a damages framework for violations and businesses failing to implement reasonable security procedures.
“Many members are interested in learning more about what California and other states are doing on this front.
“Additionally, two weeks ago, eight state banking commissioners jointly took action against Equifax in a consent order requiring the company to take various actions regarding risk assessment and information security.
“I have long been concerned about data collection and data privacy protections by the government and private industry.
“Given Americans’ increased reliance and use of technology where information can be shared by the swipe of a finger, we should ensure that companies and government entities who have such information use it responsibly and keep it safe.”