Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date.

2017 Data Breach

At the federal level, the FTC and CFPB both filed complaints against Equifax. The FTC complaint alleges Equifax was aware

A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. Most notably, the proposed legislation would create a national standard for data security and breach notification and preempt all current state law on the matter.

Breach

Arizona Governor Doug Ducey signed HB 2154 into law on April 11, 2018, amending and strengthening the state’s data breach notification law. Notably, the amended law significantly expands the definition of “personal information” to include a number of new data elements, including online account credentials, certain health information, and biometric data used to authenticate an

In the absence of federal action, state legislators continue to propose bills that would increase data privacy and security protections for consumers.  Any entity that does business in these states or maintains confidential information of their residents should monitor the legislation to determine whether and how the proposed changes may affect operations.

The bills are

Equifax announced on September 7, 2017 a massive data breach affecting an estimated 143 million consumers.  Richard Cordray, the then Director of the CFPB, shortly thereafter authorized an investigation according to several media reports.  Reuters reported yesterday that the investigation sputtered since then, according to several government and industry sources.  That is not surprising since

The recent data breach disclosure by Equifax raised an outcry from consumer advocates trying to link the data breach to the Consumer Financial Protection Bureau’s (CFPB) final arbitration rule.  They are portraying this cybersecurity incident as a prime example of why class actions are needed to protect consumers, hoping to persuade the U.S. Senate not