Senator Carlucci Announces 8-Point Plan to Address Equifax Hack
New York, NY - October 24, 2017 - Senator David Carlucci announced an 8-point plan to respond to the massive data breach involving Equifax. The plan is the result of a hearing held on September 28 by the Senate Consumer Protection Committee (chaired by Senator Carlucci).
The Equifax data breach was one of the largest in U.S. history, affecting an estimated 145.5 million Americans, or 45% of the entire population. This included 8 million New Yorkers. Data compromised by the breach included social security numbers, driver’s license numbers, birthdays, home addresses, and telephone numbers.
Following the hearing, Senator Carlucci released an extensive report detailing the committee’s findings and recommendations. These include a 8-point plan that addresses a host of concerns relating to data breaches and identity theft. This plan takes a number of actions:
- Expanding the Definition of Private Information: We recommend the enactment of S. 6890/A. 8709 by Senator Carlucci and Assemblywoman Fahy, which expands the definition of “private information,” the disclosure of which would trigger state data breach protocols to include birth dates, home addresses, and telephone numbers. It also removes the requirement that credit card, debit card, and bank account numbers be disclosed along with passwords or security codes to be considered a breach.
- Give New York State Statutory Authority Over Credit Reporting Agencies: We recommend enacting S. 6878 by Senator Comrie, giving the New York State Department of Financial Services (DFS) licensing authority over credit reporting agencies, as well as the ability to review their records.
- Drastically Reduce Notification Time: We recommend the enactment of S. 6891 by Senator Carlucci, requiring that a preliminary notification that a breach may have occurred be sent to the Attorney General within 24 hours and to all effected parties within 48 hours. We also recommend the enactment of S. 1104A by Senator Valesky, requiring that notification that a breach has occurred be sent to all effected parties and the Attorney General within 45 days.
- Set Minimum Data Security Standards for All Large Companies: We recommend the reintroduction and enactment of the Data Security Act. This bill sets minimum, flexible data security standards for credit reporting agencies and other entities including reasonable data safeguards, independent audits by licensed auditors, and a safe harbor provision for those who meet heightened federal standards.
- Making Credit Freezes Free for All Consumers: Under current law, only an initial credit freeze is free, regardless of whether a breach has occurred. However, companies can charge up to a $5 fee unfreeze or refreeze your credit. We recommend the enactment of S. 6891 by Senator Carlucci, requiring that companies offer free credit freezes and unfreezes to all New Yorkers at any time.
- Providing Free Credit Monitoring to All New Yorkers: We recommend the enactment of S. 6912 by Senator Carlucci, requiring that companies that suffer a data breach provide free credit monitoring services to effected parties for one year following a breach.
- Free FICO: We recommend the enactment of S. 6913 by Senator Carlucci, which would implement a public outreach program to help educate New York consumers about their rights to access their credit report under the federal Equal Credit Opportunity Act, as well as the workings of FICO scores. S. 6914, also by Senator Carlucci, implements a broader education and outreach program to inform consumers about topics such as their rights to notification of a data breach, credit freezes, and credit monitoring, among other topics. Additionally, we call on the federal government to make access to credit reports and FICO scores free in all cases, for all consumers, at any time.
- Allow Consumers to “Opt-In” to Any Sharing of Their Personal Information: We recommend the enactment of S. 5576 by Senator Carlucci, requiring internet service providers to provide customers with a copy of their privacy policy and to obtain written and explicit permission from a customer prior to sharing, using, selling or providing any sensitive information to a third party.
“The Equifax breach put into stark contrast the degree of the threat posed by identity thieves and hackers. The time for action is now – and we are taking action. This 8-point plan takes a comprehensive approach to combating data breaches and identity theft. I call upon the legislature to make it a top priority during the upcoming legislative session and to swiftly enact it into law.” Carlucci said.
For more information please contact Senator Carlucci’s office at (845) 623-3627.