The Equifax breach is already set to join a long line of important news stories that the public shoves off far too quickly for anything groundbreaking or productive to be done about them. The ignorance and ambivalence on all fronts of this issue are frankly unacceptable, especially in considering how important the issue it calls attention to is.
For the uninitiated, Equifax is one of three credit reporting organizations. Their job is to scour thousands of databases, from social media to criminal history to employment records, in order to come up with a full report and a credit score for people. The important thing to realize here is that Equifax is able to collect and organize data about people without them necessarily even knowing, so long as this information is only used to make them a profit legally.
Equifax, along with competitors Experian and Transunion, collectively hold data on most adults in the United States. Therefore, the report that hackers were able to extract information (including social security numbers, driver’s licenses, addresses, etc.) from 143 million people through Equifax is very alarming, especially to those affected. The larger implications of Equifax and other firms’ responses, however, conveys even scarier implications about the privacy of U.S. citizens.
There was a laundry list of missteps carried out by Equifax in the fallout of their breach. First was the delay to responses: While the hack was discovered at the end of July, the public was not notified of this serious issue until early September. When the company did eventually admit to their blunder, they immediately got to work protecting only themselves. If a person sought to find out if their data was leaked, they had to cede their right to seek legal action against Equifax. Blatant, callous and unthinking acts continued to the point where I worry for the sanity of their PR department.
Now there is fear that nothing will change. While many are taking Equifax to court, many companies have unfortunately confirmed that its relations with other credit reporting agencies (delivering data on their employees to them so that they may keep purchasing credit reports) will continue, unchanged. In fact, therein lies the real issue with Equifax and other credit reporting agencies. Regular people are not their consumers but rather just the product. The only groups that Equifax has to answer to financially are other firms with which they want to maintain business relations.
If these large corporations that handle the personal data of Americans do not have to answer to the public financially, the only other route is to take political action. While the lawsuits may aid those that will face insecurity for years as a result of this blunder, actual regulation of the credit reporting agencies is central to ensuring that this process does not repeat. The Equifax breach occurred, in all likelihood, because they neglected to update their cybersecurity measures for months. More accountability measures needs to be put in place so that mistakes like this do not happen again. Limits as to what these companies can see and collect about people also must be carefully considered. Just because information can be gathered through some less-than-legitimate means does not mean it is right or fair to do so.
However, I understand the challenge for law in keeping up with the pace of the Information Age. It certainly does not help when Equifax and companies alike, spend millions of dollars lobbying Congress to slacken personal privacy laws. Breaches like this are evidence of what happens when those impediments get in the way of sensible policy. People deserve an adequate level of security, privacy and confidentiality, and the current system is doing a very poor job of ensuring that. Lawmakers owe better to their constituencies, especially when it is painfully obvious that companies like Equifax don’t feel they owe us anything.
Peter Fenteany is a campus correspondent for The Daily Campus. He can be reached via email at firstname.lastname@example.org.