This past Friday, both the Credit Union National Association (CUNA) and the Federal Trade Commission made moves associated with the Equifax security breach.
CUNA announced that the association will file a lawsuit against Equifax to protect credit unions and their members from harm as a result of the incident that Equifax reported to have happened on July 29 and disclosed on Sept. 7.
“Equifax needs to be held accountable for this massive data breach that gave hackers access to the personally identifiable information of 143 million Americans and the credit card information of 209,000 people," said Jim Nussle, president and chief executive officer of CUNA.
“Equifax’s disregard for protecting this highly sensitive data means credit unions are left bearing the brunt for damages in replacing members’ cards payment cards, covering fraudulent purchases and taking protective measures to reduce risk of identity theft and false loans,” Nussle continued.
CUNA is holding a members-only call at 4 p.m. ET on Tuesday to discuss credit unions' legal rights, including potential participation in class action lawsuits in the wake of the Equifax breach.
Meanwhile, the FTC will host a workshop on Dec. 12 to examine questions about the injury consumers suffer when information about them is misused.
As the nation’s primary federal privacy and data security enforcement agency, FTC said they have brought more than 500 privacy and data security-related cases, which have focused on deceptive and unfair business practices that cause or are likely to cause consumer injury.
The workshop will address questions such as how to best characterize these injuries, how to accurately measure such injuries and their prevalence, and what factors businesses and consumers consider when evaluating the tradeoffs involved in collecting, using or providing information while also potentially increasing their exposure to injuries.
“Information flows of all kinds are vital to our economy, but the increased collection and use of consumers' information carries some risk for consumers when that information is misused,” acting FTC chairman Maureen Ohlhausen said. “This workshop is aimed at helping us to better identify and measure the consumer injuries that may result from the misuse of information about consumers.”
To help assist the agency’s analysis of this topic, the FTC is seeking comment on a range of issues including:
- What are the qualitatively different types of injuries from privacy and data security incidents?
- What frameworks might we use to assess these different injuries? How do we quantify injuries?
- How do businesses evaluate the benefits, costs and risks of collecting and using consumer information in light of potential injuries? How do consumers evaluate the benefits, costs, and risks of sharing information in light of potential injuries?
Individuals can find a full list of questions and information about how to submit comments in the detailed public notice about the workshop by going to this website. The deadline for submitting comments is Oct. 27.
The workshop, which is free and open to the public, will be at the Constitution Center, 400 7th St., SW, Washington, D.C. It will be webcast live on the FTC’s website.
Registration information, an agenda, directions to the Constitution Center building and a list of speakers will be available in the near future on the event webpage.