WASHINGTON, D.C. — U.S. Sen. Sherrod Brown (D-OH) – ranking member of the U.S. Senate Committee on Banking, Housing, and Urban Affairs – released the following opening statement at today’s hearing entitled, “Consumer Data Security and the Credit Bureaus.”
Brown’s remarks, as prepared for delivery, follow.
Thank you, Mr. Chairman.
Under current law, whether we like it or not, companies like Equifax can collect vast troves of personal information.
That includes information plucked from our work histories, our social media profiles, from rewards cards that track our purchases at the grocery store, and even information from our cell phones tracking our daily commutes.
Generally, these companies are free to combine and sell that information to all sorts of financial institutions and other data mining firms who use it to make decisions about us – like what kind of car or job we can get.
Corporations like Equifax rarely have to tell us exactly why or how those decisions are made – they get to hide behind “proprietary models” and “trade secrets.” It seems our laws protect big corporations’ use of people’s data a lot better than they actually protect people.
As the recent breach demonstrates, enhanced cybersecurity measures at companies like Equifax might work perfectly yet still do little to protect consumers’ data. While 145 million people have had their private data exposed, it doesn’t appear that any sensitive corporate data was accessed.
Because these businesses are not accountable to consumers, and because consumers have no choice over who is collecting their information, consumer protection is always an afterthought.
As we talk about the clearly inadequate protections for consumer data at Equifax, and those in place at the other consumer reporting agencies today, I hope we do not forget that the real victims of this hack are the 145 million people. That includes five million Ohioans, who through no fault of their own have had their personal information compromised.
I hope that at today’s hearing we don’t just talk about how we can strengthen cybersecurity. We do need to do that, but we also need to explore how to restore people’s control over their own information. And we need to examine whether the current credit bureau model makes sense for American consumers.
We know the credit bureaus have a long history of consumer complaints and inaccurate reporting that has long term effects on people’s ability to get a job or a house. Rather than addressing these problems, the credit bureaus have spent millions acquiring other data collection companies and branching out into new lines of business.
Despite their continued failure to provide accurate credit reporting services or to protect all of the data that they collect, their CEOs have been rewarded with enormous salaries and bonuses. Now, in an era of nonstop cyber threats, it seems like they have made consumers even more vulnerable.
Equifax made astounding amounts of money off of the consumer data it collected, but it will hardly pay a price for its recklessness. It is still collecting and storing our data, and in some cases we’re even giving it tax dollars to do it. I look forward to hearing today’s witnesses’ views on these matters.