Representative Loudermilk is STILL trying to protect Equifax instead of consumers

U.S. Representative Barry Loudermilk is still trying to give immunity to Equifax for its utter failure to protect the private information of over 143 million Americans and its subsequent bungling of the data breach it allowed to happen.

Prior to the breach (allegedly, since we really don't know when the breach actually happened since we only have Equifax's word that the breach occurred in late May through early June), Representative Loudermilk, who is a U.S. Representative from Georgia, the home state of Equifax, proposed legislation that, if passed, would gut the protections afforded consumers by the Fair Credit Reporting Act.  The proposed legislation, H.R. 2359, would change the Fair Credit Reporting Act in two ways, both of which are very damaging to consumers and, not by coincidence, very favorable to Equifax and the other credit bureaus.

First, it would eliminate punitive damages.  Yes, the one thing that big corporations like Equifax are scared of is a punitive damage award.  Their profits are soooo great that an award of just compensatory damages will never be enough for them to really notice in the long term.  Punitive damages, however, are used to punish a corporation for its wrongdoing.  Equifax, as seen by its shenanigans of first hiding the data breach and then trying to pull a fast one to get its victims to give up their right to sue, is up to its eyeballs in wrongdoing.  Equifax's conduct is the type of conduct that deserves a punitive damages award against it, since their conduct is willful, intentional and not just a mere accident or negligent mishap.  So H.R. 2359 would benefit Equifax in that way.

Further, and more importantly in the context of consumers getting justice for Equifax's negligently allowing the data breach to happen, H.R. 2359 caps what consumers can get via a class action at $500,000.  Not per consumer, per class action.  And, since all of the approximately 100 class actions filed against Equifax for the data breach will ultimately be merged into one big class, that means 143 million plus victims of the data breach (less those who wisely opt out and file individual lawsuits) will have to split a measly $500,000 if Representative Loudermilk's bill becomes law.  If my math is correct, that is roughly 3 cents per victim.  Yes, three cents.  Three shiny pennies.  How is that justice?!

And, instead of backing away from his bill like its a grenade about to explode, Representative Loudermilk released the following statement:

"The data breach at Equifax has placed an unimaginable number of Americans’ personal information at serious risk. Not only must Equifax be held accountable for the breach of their systems, they must also be held accountable for their failure to notify the public of the breach in a timely manner. Businesses such as Equifax that obtain and store massive amounts of information on individuals must be held to the highest data protection standards. I will be working with the Financial Services Committee on investigating this data breach and the inadequate response of Equifax executives. Furthermore, we have already begun working on legislation mandating businesses to notify consumers affected by data breaches in a timely manner.

"Unfortunately, the outrage that followed the announcement by Equifax caused a gross mischaracterization of a bill that I have been working on since early this year. It was falsely reported that this bill (H.R. 2359) was introduced to give immunity to Equifax from any liability over this data breach. This couldn't be further from the truth. The FCRA Liability Harmonization Act (H.R. 2359) was introduced back in May, and is aimed at curbing frivolous class action lawsuits against businesses under the Fair Credit Reporting Act (FCRA). The businesses affected by FCRA lawsuits include community banks, credit unions, auto dealerships, retailers, and many other small businesses that extend credit to consumers.

"Reports that this bill would grant any immunity to Equifax for liability in this data breach are completely false. The bill does not give any immunity from prosecution or civil lawsuits for wrongdoing to any business. Furthermore, data breaches are governed by state laws, not the FCRA, so this bill would not apply to Equifax in this case at all with respect to the 143 million people whose personally identifiable information was compromised.

"Finally, given the unfounded attacks on me and the rampant misinformation circulating about this legislation, the Financial Services Committee has not scheduled further action on any bill at this time."

So Representative Loudermilk is claiming that his bill would not grant immunity to Equifax?  While technically true, being capped at paying three cents a victim is about as close to immunity as one can get.  For Representative Loudermilk to make this grossly misleading statement is deplorable.  He obviously cares more about Equifax, his campaign donor, than he does about consumers, including his constituents.  I hope the people of the 11th Congressional District of Georgia are paying attention to whose side Mr. Loudermilk is one, because it sure isn't theirs.