It’s all fun and games until somebody gets hurt.
Rolling back regulations, particularly on financial firms, is the ongoing mantra of the Trump administration and the Republican Congress. In fact, back in January, President Donald Trump actually signed an executive order requiring that for every new regulation passed, two had to be rescinded. Here’s what he said at the signing ceremony:
“If you have a regulation you want, No. 1, we’re not gonna approve it because it’s already been approved probably in 17 different forms. But if we do, the only way you have a chance is we have to knock out two regulations for every new regulation. So if there’s a new regulation, they have to knock out two.”
At first blush, this may seem like a great idea. Nobody wants to get tangled up in the red tape of needless regulation. But the recent massive Equifax hack potentially affecting nearly every American adult is a stark reminder that sometimes regulations are there for a reason. If you doubt it, consider the following.
On Thursday, Sept. 7, credit bureau Equifax announced the most devastating breach of personal information in our nation’s history: Up to 143 million Americans had their names, Social Security numbers, birthdates, addresses and, in some instances, driver’s license numbers compromised.
On the very same day, Congress held a hearing called Legislative Proposals for a More Efficient Federal Financial Regulatory Regime. It aimed to advance a bill called the FCRA Liability Harmonization Act, which would alter a law called the Federal Consumer Reporting Act. In short, this change would lower penalties when credit bureaus like Equifax harm consumers.
The bill would eliminate all punitive damages and cap compensatory damage awards at $500,000 for any class action lawsuit filed against credit bureaus under the Fair Credit Reporting Act. Here’s a portion of the press release from the bill’s sponsor, Rep. Barry Loudermilk, a Georgia Republican:
“When employers have to spend their time and effort defending themselves from frivolous lawsuits, job creation remains sluggish and Americans’ paychecks become stagnant. This is unacceptable after the lackluster growth of the last eight years. My bill protects both consumers and businesses by bringing liability under the Fair Credit Reporting Act in line with other consumer financial protection laws.”
It’s easy to see how this bill protects businesses like Equifax from lawsuits. No matter what they do to expose your personal information, put your credit in jeopardy, or otherwise make your life a living hell, they’ll suffer no punitive damages at all and a maximum of $500,000 in compensatory damages for an entire class of affected consumers.
If $500,000 sounds like a lot, let’s put it in perspective. In 2016, Equifax made $728 million in pretax profit. This bill would limit their damages to $500,000, or 0.07 (7/100 of 1 percent) of that profit. If you think that’s enough to dissuade them from behavior that harms consumers, let me assure you, it isn’t.
The world’s cheapest insurance policy
Say you make $100,000 a year and you could buy an insurance policy guaranteeing that no matter what you do or how many people you do it to, you can’t be on the hook for more than 0.07 percent of your pretax income. That’s $70. Now imagine that if you’re willing to play a little fast and loose in your business practices, you can make a lot more money. Would a potential $70 judgment dissuade you?
That’s the insurance policy Rep. Loudermilk apparently would like Equifax and its peers to have.
It’s an insurance policy I’d certainly be happy to purchase. And Equifax and the other credit reporting agencies don’t even have to pay for it. Some of our elected representatives are attempting to hand it to them absolutely free of charge.
So now we see how Equifax would benefit from this proposed law. What’s a little more difficult to discern is exactly how this bill protects consumers. It’s consumers, not Equifax, who elected Barry Loudermilk. It’s consumers who pay his salary. How can he justify letting them get crushed while letting Equifax and its cohorts operate with virtual impunity?
As you might imagine, Rep. Loudermilk isn’t happy with the publicity the poor timing of his bill has stirred up. In a more recent press release, he says in part:
Reports that this bill would grant any immunity to Equifax for liability in this data breach are completely false. The bill does not give any immunity from prosecution or civil lawsuits for wrongdoing to any business. Furthermore, data breaches are governed by state laws, not the FCRA, so this bill would not apply to Equifax in this case at all with respect to the 143 million people whose personally identifiable information was compromised.
I’ll take Rep Loudermilk at his word and assume his bill wouldn’t let Equifax off the hook for the recent breach. But there’s no doubt it shields them from other wrongdoing. The Los Angeles Times cites an example:
Take the case of Oregon resident Julie Miller, who said she repeatedly reached out to Equifax from 2009 to 2011 to correct errors in her credit report.
In 2013, a jury awarded Miller $180,000 in compensatory damages and a whopping $18.4 million in punitive damages, reflecting a sense among outraged jurors that Equifax just couldn’t be bothered to help a distressed consumer.
Under Loudermilk’s bill, Miller’s compensation would have been limited to the $180,000 in compensatory damages, with no punitive damages possible.
So maybe Rep. Loudermilk is right and the recent massive breach wouldn’t be covered by his proposed changes to consumer protections under the FCRA. But it almost certainly would help Equifax and hurt consumers in other ways.
And here’s the alarming part. Did you know that Rep. Loudermilk and some of his peers were attempting to modify existing consumer protections in a way that could hurt you and benefit companies like Equifax? I didn’t, and following things like this is what I do for a living. It only came to my attention because of its proximity to the Equifax data breach. But Loudermilk’s proposal, and other attempts to change regulations are happening with regularity these days.
I’m going to try to keep a sharper eye out. I strongly suggest you do the same.