Equifax Lobbied To Kill Rule Protecting Victims Of Data Breaches

If you want to know if you were one of the 143 million people whose data was breached in a hack of Equifax’s data, the company has a website you can use to find out — but there appears to be a catch: To check, you have to agree to give up your legal right to sue the company for damages. The outrage that clause has now generated could complicate the company’s efforts — backed by Republican lawmakers — to block an imminent rule that would ban companies from forcing customers to agree to such provisions.

On Friday, social media users spotlighted fine print on Equifax’s website that appears to force users to agree to waive their class action rights if they use the company’s website to see if their personal data was exposed by the recent hack. It is precisely the kind of arbitration clause that a pending Consumer Financial Protection Bureau (CFPB) rule is designed to outlaw — if Republicans and the Trump administration allow it to go into effect as scheduled later this month.

STRUCTURE SECURITY -- USE THIS ONENewsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27. Photo: NewsweekGroupMedia

Federal documents reviewed by International Business Times show that in response to that 2016 rule, the Consumer Data Industry Association (CDIA) — which says it is “the trade association which represents Equifax” — pressed regulators to back off the proposed prohibitions, saying the regulations would subject data companies to tough penalties if during a class action suit they were found to have broken the law.

In one section of the letter, CDIA declares that federal regulators “should exempt from its arbitration rule class action claims against providers of credit monitoring products.” The letter asserted that allowing customers to sue companies “would not serve the public interest or the public good” because it could subject the companies to “extraordinary and draconian civil liability provisions” under current law. In another section of the letter, Equifax’s lobbying group says that a rule blocking companies from forcing their customers to waive class action rights would expose credit agencies “to unmanageable class action liability that could result in full disgorgement of revenues” if companies are found to have illegally harmed their customers.

Equifax’s lobbying group argued against the prohibition even as it acknowledged that a 2015 government study found “that credit reporting constituted one of the four largest product areas for class action relief” for consumers. Consumer groups countered the claims of CDIA and other rule opponents by saying the ability to file suit is necessary to protect Americans’ legal rights.

“The use of forced arbitration clauses has created a closed system where corporations allow court access only when it’s in their interest, where it is functionally impossible for consumers to recover small dollar amounts they are due under law, and where the deterrent effect of class actions has been lost,” wrote the Consumer Federation of America in a 2016 letter to the CFPB.

As written, the rule may not prevent Equifax from restricting customers’ legal rights as they seek to find out whether they have been harmed by this week’s data breach: The legal language says the arbitration provisions would apply only to contracts and terms of service six months after the rule goes into effect. However, the massive data breach and backlash against the company’s arbitration clause may impede Republicans’ efforts to repeal the rule.

“Equifax is doubling down on this data breach with a breach of that trust,” said Karl Frisch, executive director of consumer watchdog Allied Progress, in a press release. “This is nothing more than an underhanded attempt to deny the victims of this cyber attack their day in court… There couldn’t be a clearer example of why this new rule from the Consumer Financial Protection Bureau is so essential.”

With frustration about the breach and the website language simmering, Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” said the company. 

Equifax has delivered more than $500,000 of campaign cash to Republican lawmakers since the creation of the CFPB in 2010. During that time, congressional Republicans have waged a campaign to weaken the CFPB, culminating in this year’s Republican legislative proposals to repeal the rule and fully eliminate the agency. A top Trump-appointed regulator — former bank lawyer turned Acting Comptroller of the Currency Keith Norieka — has also previously pushed for the rule to be delayed.

According to government watchdog Public Citizen, 24 Republican senators co-sponsoring a bill to kill the arbitration rule have, over the course of their political careers, collectively received over $11 million in campaign contributions from commercial banks and over $100 million from the financial sector overall.

Equifax itself has directly lobbied the CFPB on the arbitration rule. Federal records show that since the second quarter of 2015, a team of lobbyists from Equifax’s own government relations shop lobbied the Bureau on the “Use of arbitration agreements involving consumer financial products and services.” This year, the company was still lobbying the CFPB; during the most recent period for which lobbying information is available, the second quarter of 2017, Equifax had five lobbyists personally pushing the CFPB to revise the rule.

The company and CDIA are also both lobbying Congress on a Republican-sponsored House bill, pointed out by journalist David Dayen on Twitter on Friday, that would cap class action damages at $500,000 and eliminate punitive damages altogether. The bill’s sponsor, Barry Loudermilk (R-GA), announced CDIA’s support.

A long-time CDIA lobbyist and former top staff member from the Senate Banking Committee, Geoffrey P. Gray, is now lobbying Congress on a Republican bill to repeal post-2008 financial regulations. Federal records show that Gray has been working specifically to influence “provisions related to the structure, powers, and funding of the CFPB.”

UPDATED 9:10 p.m.: This story was updated to include a statement from Equifax.

Powered by WPeMatico