<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

Equifax Data Breach – Does The US Need Its Own GDPR?

Greg Mooney| September 08 2017

| security

Data breaches and identity theft are the norm in today’s cyber landscape, but the latest data breach at Equifax is a sucker punch to anyone who has a credit score in the US.

Update 9/11/17: Equifax is now allowing those who elect to use Equifax's free credit monitoring services in the wake of the data breach the ability to void the arbitration clause. Also, freezing your credit with Equifax is now being considered a better option other than free credit reporting. Equifax seems to not be charging for the credit freezes anymore. However, it may make sense to freeze your credit at TransUnion and Experian. 

The implications of this breach are massive and becoming quite the PR mess for Equifax. Basically, unless you have been living off the grid deep in the Amazon Rainforest, your social security number, credit card numbers, and more have been exposed.

You can check to see if your data was lost in the data breach here.  If so, Equifax is offering free credit reporting and identity protection for a year if you enroll in their TrustedID Premier service.  They even give you a date when you can come back to the site and sign up.

Two things seem problematic here. One is you get the sense they are leveraging your misfortune to sell you a product. The second, and most ironic, is that product is identity protection – the very thing they just made necessary.equifax-breach.jpg

Watch Out For The Arbitration Clause

But you may want to read the fine print before signing up for their services. The default seems to be that you are giving up your right to be a part of any class-action lawsuit. Instead you are accepting their arbitration clause. I’m not a legal expert, so I’m not entirely sure how binding this is, but it seems fairly evident from the Terms of Service on their website that you can waive your rights to participate in class action lawsuits.

So it would appear that this ‘free offer’ is less of an apology for losing your data in the first place and maybe more focused on covering Equifax’s potential exposure to huge financial losses.  

The Point of No Return

The most frustrating part of this breach is that we’ve reached a tipping point. There isn’t much we can do to protect ourselves at this point, the damage has been done. All of our information is out there on the market for a price, therefore all of us are vulnerable to identity theft. It is a case in point of why each and every one of us needs to stay vigilant about who has our data and what they are doing with it. Nobody else is going to do it for us. It also doesn't help that companies like Equifax obtain our data without our consent. 

At this point, we may have to consider a new deal of sorts on what our identity actual is and what it means to us.

Maybe biometrics needs to play a bigger role in identity protection, or maybe we all need new social security numbers. It isn’t far fetched. If a criminal has our name address, phone number, and social security number then there is nothing stopping them from pretending to be whomever they want. They have enough information to open new credit card accounts, take out loans, and even get access to more information that is sensitive.

Related: How To Assemble A Data Breach Rapid Response Team

Transparency Is Best PR In Wake of A Data Breach

Consumers can quickly read the moral compass of a company when a data breach occurs. If the company acts in a way that seems immoral, they risk ruining their reputation even more. This results in more class action lawsuits, civil suits, and smear campaigns. In Equifax’s case, the fact that some executives started selling off stocks before the breach became public speaks volumes.

Vice versa, if a company plays their cards right when a breach happens, they can turn a very negative situation into a small positive by being transparent and doing what they can to help those affected by a breach. Data breaches aren’t going away and every business is at risk, some more than others. Having the right plan in place that contains as much of the damage as possible may be the difference between living another day or going out of business.

The US Needs Its Own GDPR

Currently, US law does not protect your data. In most cases, laws merely dictate how quickly a company like Equifax has to notify us that they have lost it. Obviously, we need more protection and we need the companies who profit from our data to start taking a bigger role in protecting our personally identifiable information (PII). This will continue to happen unless there are strict fines and regulations.

Related: The GDPR And US Data Protection Regulations Diverge

Maybe we should take a lesson from our neighbors across the Atlantic. Regulations like the European Union’s General Data Protection Regulation (GDPR) actually dictate that personal information belongs to the person described by it – not the corporation that has it. GDPR gives EU residents the right to opt-out and notify a company that they can no longer use their data. Perhaps it is time for the US to start passing laws that protect its citizen's rights instead of large corporate interests.

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Greg Mooney

Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.