Credit Reporting Official to Lawmakers: More Cyber Regulations Aren't Needed
Eric Ellman of the Consumer Data Industry Association told a panel of members of the state Senate that in light of the Equifax breach, lawmakers may be “tempted to grasp headlines” but should focus on mitigating cybersecurity threats.
October 24, 2017 at 05:52 PM
7 minute read
An official for the trade group representing credit reporting agencies told a panel of New York lawmakers at a hearing on cybersecurity Tuesday that the state already has sufficient regulations in place and policymakers should be focusing instead on how to prevent the attacks.
Eric Ellman, the senior vice president of public policy and legal affairs at the Consumer Data Industry Association, based in Washington, D.C., told a panel of members of the state Senate that in light of the Equifax breach, lawmakers may be “tempted to grasp headlines” but should be focusing on mitigating cybersecurity threats.
“What I would encourage your committee and your colleagues to consider is to focus on things that will actually prevent cybersecurity breaches. And while it may be tempting to grasp headlines and go for emotional arguments, I would strongly encourage all of your colleagues to take a step back and hit pause and figure out what can actually be done to solve whatever problems might occur,” Ellman told the panel.
In September, Atlanta-based Equifax Inc. announced that hackers had gained access to sensitive personal information on roughly 143 million Americans—later increased to 145.5 million—and 209,000 individuals' credit card numbers. Following the breach, which affected roughly 8 million New Yorkers, Attorney General Eric Schneiderman's office and the Department of Financial Services opened up investigations into the consumer credit monitoring company seeking more information about the breach (NYLJ Sept 28). The Federal Trade Commission made the rare disclosure that it was also investigating the data breach. And on Tuesday, the U.K.'s Financial Conduct Authority disclosed that it, too, is investigating after the breach affected as many as 694,000 British people, originally announced as fewer than 400,000, according to the BBC and other news sources.
Less than two weeks after news of the security breach, Gov. Andrew Cuomo proposed new regulations that would subject companies like Equifax, Transunion and Experian to the same cybersecurity rules the state enacted for banks and insurance companies (NYLJ Sept. 18) earlier this year. The requirements under the proposed rule would mandate that consumer credit reporting agencies have DFS-approved plans to deter cyberattacks and report any such attack within 72 hours of the occurrence.
At the hearing held by New York state Senate's committee on government operations and investigations in New York City, state Sen. Terrence Murphy, a Republican representing part of the lower Hudson Valley, asked what the industry could learn from the Equifax breach.
“Make sure you have a full inventory of hardware and software assets. Make sure that there are people and systems in charge and fully aware of what holes might exist in those hardware and software systems in your inventory, what can be done and what can be done quickly to try and patch any holes that occur,” Ellman responded.
State Sen. Brad Hoylman, a Manhattan Democrat, asked Ellman whether he was supportive of the Cuomo administration's proposed regulation to have the credit reporting industry be regulated by the state, calling the consumer reporting credit industry a “donut hole.”
“I'm not sure that we're a donut hole as much as a bullseye,” Ellman responded.
“If there are going to be rules, regulation, it should be focused on actually solving a problem and I think to some degree, perhaps to a large degree, the proposed regulations are a solution in search of a problem,” Ellman later said.
An official for the trade group representing credit reporting agencies told a panel of
Eric Ellman, the senior vice president of public policy and legal affairs at the Consumer Data Industry Association, based in Washington, D.C., told a panel of members of the state Senate that in light of the Equifax breach, lawmakers may be “tempted to grasp headlines” but should be focusing on mitigating cybersecurity threats.
“What I would encourage your committee and your colleagues to consider is to focus on things that will actually prevent cybersecurity breaches. And while it may be tempting to grasp headlines and go for emotional arguments, I would strongly encourage all of your colleagues to take a step back and hit pause and figure out what can actually be done to solve whatever problems might occur,” Ellman told the panel.
In September, Atlanta-based
Less than two weeks after news of the security breach, Gov. Andrew Cuomo proposed new regulations that would subject companies like Equifax, Transunion and Experian to the same cybersecurity rules the state enacted for banks and insurance companies (NYLJ Sept. 18) earlier this year. The requirements under the proposed rule would mandate that consumer credit reporting agencies have DFS-approved plans to deter cyberattacks and report any such attack within 72 hours of the occurrence.
At the hearing held by
“Make sure you have a full inventory of hardware and software assets. Make sure that there are people and systems in charge and fully aware of what holes might exist in those hardware and software systems in your inventory, what can be done and what can be done quickly to try and patch any holes that occur,” Ellman responded.
State Sen. Brad Hoylman, a Manhattan Democrat, asked Ellman whether he was supportive of the Cuomo administration's proposed regulation to have the credit reporting industry be regulated by the state, calling the consumer reporting credit industry a “donut hole.”
“I'm not sure that we're a donut hole as much as a bullseye,” Ellman responded.
“If there are going to be rules, regulation, it should be focused on actually solving a problem and I think to some degree, perhaps to a large degree, the proposed regulations are a solution in search of a problem,” Ellman later said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllAfter 2024's Regulatory Tsunami, Financial Services Firms Hope Storm Clouds Break
GC Pleads Guilty to Embezzling $7.4 Million From 3 Banks
Trending Stories
- 1Judicial Ethics Opinion 24-87
- 2The Key Moves in the Reshuffling German Legal Market as 2025 Dawns
- 3Social Media Celebrities Clash in $100M Lawsuit
- 4Federal Judge Sets 2026 Admiralty Bench Trial in Baltimore Bridge Collapse Litigation
- 5Trump Media Accuses Purchaser Rep of Extortion, Harassment After Merger
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250