Tag: Equifax
Equifax: A Case of Misplaced Integrity and Trust
By the time you read this, you most likely have Equifax data breach fatigue. So why read yet another article? Because the current history of Equifax woes go back for more than a decade as Equifax fought against or blamed consumer protection legislation while using consumer data that its was entrusted with to derive record-setting profits. Equifax has been identified as a trafficker of consumer data for the benefit of those who issue credit. While Equifax could do this work responsible, its history and recent actions demonstrate a lack of respect for consumers and perhaps too much control without sufficient balance of power.
Equifax’s profitability is directly tied to the use of consumer personal information. Legal restrictions interfere with Equifax’s bottomline. In late 2003, Equifax reported financial losses that were attributable to anti-spam legislation such as the federal CAN-SPAM law. During this time, Equifax downsized, laid off employees, and de-valued certain assets. Consumer-protection laws directly reduced Equifax profitability as its client organizations reduced email direct marketing activities.
Equifax has presumed ownership and control of consumer personal data. In early 2004. Equifax CEO Thomas Chapman reported opposition to the Fair and Accurate Credit Transaction Act (FACT Act) and wrote that being forced to give away the service of free annual credit reports was “unconstitutional and politically motivated.” Thomas provided no discussion of data ownership or partnership with consumers regarding private data. His only angle in discussing consumer data was developing products and services for sale.
While Equifax marketed itself as a company of integrity and trust, its actions do not mirror this language. From meetings with shareholders to its corporate website, Equifax stresses the importance of integrity. Equifax openly publishes its code of ethics and speaks of trust being essential to its reputation. CEO Rick Smith has been also noted as stating that the center of trust is security with respect to its information technology choices. However, events that transpired with the current data breach involving 143 million people show a different picture. Three executives sold stock worth more than $1.8 million dollars just before the public announcement of the breach. The Equifax breach website does not necessarily publish accurate details on whether an individual may have been impacted in the breach. It is possible to enter fake information and get a recommendation to apply for credit monitoring. A restriction on the right of legal action in exchange for credit monitoring caused mass consumer confusion. Consumers had to accept arbitration as a condition of free credit-monitoring. As a company that specialized in data breach notification, Equifax has become a poster-child of poor response. This is not consistent with the qualities of integrity and trust.
Equifax holds a uniquely pivotal position across the United Sates as a gatekeeper of consumer financial information and its broad use across government and private industry. The federal government contracts with Equifax for broad use of consumer financial information. One example is use of consumer financial data by the Internal Revenue Service (IRS). Some states allow financial credit information to be used for setting auto insurance rates. Private organizations such as banks use credit history for loan applications and approval. Given the magnitude of the current breach and a history of prior security incidents, some of Equifax’s controls should be outsourced until trust is vetted and can be restored. While Equifax may complain or balk at outside control over a private company, its current efforts to protect consumers have egregiously failed. What’s worse is that aftermath will not be known for years.

