LegalReader.com  ·  Legal News, Analysis, & Commentary

News & Politics

Equifax Breach Prompts Colorado Lawmakers to Improve Consumer Protections


— January 26, 2018

A lot has happened since the Equifax data hack that happened last year. Since news of the hack broke, businesses and lawmakers alike have proposed and even implemented safeguards to prevent similar hacks from occurring in the future. In fact, just recently Republican and Democrat lawmakers in Colorado have begun to “crack down on companies that collect and store personal information that could be used by identity thieves.”


A lot has happened since the Equifax data hack that happened last year. Since news of the hack broke, businesses and lawmakers alike have proposed and even implemented safeguards to prevent similar hacks from occurring in the future. In fact, just recently Republican and Democrat lawmakers in Colorado have begun to “crack down on companies that collect and store personal information that could be used by identity thieves.”

Unfortunately, data hacks such as the one that happened with Equifax are all too common and end up compromising private consumer data of thousands and even millions of consumers each year. This means that sensitive information like social security numbers, credit card numbers, birth dates, and even addresses are being stolen by hackers to be used in identity theft schemes or other illegal activities.

What made the Equifax hack so devastating, though, was how large it was. According to reports that went public back in September, cybercriminals “may have obtained the personal data of as many as 143 million Americans, leaving more than a third of the population vulnerable to identity fraud.” As if that wasn’t enough, Equifax “waited a full six weeks to disclose the breach to the public and tried to coax consumers into signing away their right to sue.”

Understandably, the public outrage was extreme and resulted in “the introduction of at least three bills before the Colorado General Assembly” alone. Of the three proposals, House Bill 1128, sponsored by Assistant House Minority Leader Cole Wist, R-Centennial, and Rep. Jeff Bridges, D-Greenwood Village, is the most significant because it would “require any company that maintains personal consumer data to securely destroy the information if it’s no longer needed.” Additionally, “it would also strengthen the state’s notification requirements, giving companies no more than 45 days to notify victims, and no more than seven days to notify the attorney general if more than 500 people are affected.”

Image of a Data Hack Graphic
Data Hack Graphic; Image Courtesy of Markus Spiske via Unsplash, https://unsplash.com/

Wist has personal experience with identity theft, as his personal information “was compromised in the BlueCross BlueShield data breach two years back.” When commenting on the ordeal, Wist said, “As a consumer, it was frightening, it was frustrating and it was daunting.” He added that after learning that his information was stolen, “he spent months and months closely monitoring his family’s credit reports for any unauthorized activity.

So if the bill passes, who will be responsible for enforcing it? For starters, the “attorney general’s office would be responsible for investigating and prosecuting violations under the bill,” according to Bridges. Additionally, companies would be required “to give consumers prompt information on how to protect themselves through fraud alerts and credit freezes.”

Fortunately for consumers, the bill has a lot of bipartisan support and “has a clear path to becoming law.”

Sources:

Colorado lawmakers look to bolster consumer protections after Equifax breach

Lawmakers Weigh Fines, Legislation After Equifax Breach

Join the conversation!