Equifax: 4 ways NY hopes to prevent another breach

Cuomo Proposes New Rule For Credit Agencies

ALBANY -- The Equifax data breach spurred a new plan Monday to give New York bank regulators broad power to block a credit-reporting agency's ability to operate in the state.

Gov. Andrew Cuomo's administration unveiled a proposal to more strictly regulate the credit-reporting industry in response to the massive breach, in which hackers gained access to the personal information of more than 143 million Equifax users.

Here's four ways the new plan could tighten up the credit-reporting industry:

1) NY would get more power

The Department of Financial Services is moving ahead with new regulations that would require credit-reporting agencies like Equifax and Experian to register with the state in order to operate in New York.

It would give state regulators way more power.

How? The state's financial services superintendent would have the ability to reject their registration requests if the company is "not trustworthy and competent to act as" a credit-reporting agency.

That very broad language could give state regulators wide-ranging power to block a company's ability to operate in New York if, say, they suffer a massive data breach.

2) Equifax and others would have to register annually

The credit-reporting agencies would have to register each and every year under the proposed regulations, beginning in February.

That means they would need annual state approval to operate in New York, requiring regular reviews of their fitness to handle sensitive information like Social Security numbers.

The constant approval process is meant as a deterrent: The companies would know they face the threat of a registration denial if they run afoul of state rules or don't protect consumer information.

A spokesperson for Equifax could not immediately be reached for comment Monday.

3) NY could suspend or revoke a registration

Even if a credit-reporting agency is licensed, New York regulators could still revoke the registration under the proposed regulations.

The regulations would give the Department of Financial Services the ability to suspend or revoke a registration for any of nine reasons, including if a company violates any New York banking law or regulation, provides misleading information in the registration process or used fraudulent or dishonest practices.

The state would have to provide notice of its plan to suspend a license and hold a hearing on the matter before taking action.

4) Tougher cybersecurity rules

Once the new regulations take effect, credit-reporting agencies would have to soon comply with New York's cybersecurity rules for banks and insurers.

The rules would require the agencies to file a written policy with the state detailing how they will keep consumers' sensitive information under wraps, as well as employ a cybersecurity officer whose job is to protect private data.

The new regulations would phase in the cybersecurity rules over much of 2018.

© Gannett Co., Inc. 2017. All Rights Reserved


JOIN THE CONVERSATION

To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment
More Stories