Earlier this week, the Senate Banking Committee held a hearing on potential legislative responses to the Equifax data breach, which made vulnerable the personal and financial information of more than 143 million consumers. We heard testimony from representatives of the credit reporting industry and consumer protection groups. This is almost two hours.

As a follow-up to our hearing on the Equifax data breach, we hear testimony on protection of consumer data. Members expressed interest in better understanding how credit bureaus are regulated, how they protect consumer data, and whether there are gaps that Congress needs to fill. I've long been concerned about the ever-increasing amounts of big data collected by companies and by the government. It is critical that personal data is protected.
Consumer impact in the event of a breach is minimized, and consumers' ability to access credit is not harmed. Credit bureaus play a valuable role in our financial system by helping financial institutions assess a consumer's ability to meet financial obligations. And also facilitating access to beneficial financial products and services. The inherent nature of the credit bureaus' business, as with most businesses in this digital age, requires utmost data security to ensure that sensitive consumer information is safeguarded. Two weeks ago, Equifax testified about the methods it uses to protect its consumer databases, such as encryption at rest and tokenization. Former Equifax CEO, Richard Smith, noted that while some of Equifax's databases are encrypted at rest, the dispute portal that was compromised was not. Questions remain about the best ways to protect sensitive data. Including: are there data security industry standards and best practices at credit bureaus? Should tools like encryption at rest be employed to protect all data containing sensitive consumer information? What role do financial institutions and federal agencies play in data security at credit bureaus? Given the credit bureaus are financial institutions under the Gramm-Leach-Bliley Act, how does data security, testing and oversight by regulators compare to that of traditional financial institutions? I look forward to hearing from our witnesses about what credit bureaus do to ensure security for the data they collect. Who oversees credit bureaus to ensure they have adequate security measures in place? And what improvements could be made to the oversight of data security at the credit bureaus? There are also many concerns regarding company response to data breaches. The Equifax breach has left more than 145 million consumers a little confused as to what can be done to mitigate damage to their identities and credit.
We do know that starting in January, Equifax will offer all customers the ability to lock or unlock their credit files for free. Additional products have also been offered from Equifax and the other credit bureaus for consumers to monitor or freeze their credit reports. Many consumers remain confused about which options are best for them. But this hearing will hopefully provide some additional clarity. We have a shared interest on this committee in ensuring that credit bureaus take the necessary measures to safeguard personal data and minimize risk of another massive data breach. Senator Brown.

Thank you, Chairman Crapo. Under current law, whether we like it or not, companies like Equifax can collect vast troves of personal information. That includes personal information plucked from our work histories, our social media profiles, from reward cards that track our purchases at the grocery store, even information from our smartphones tracking our daily commutes. Generally these companies are free to sell that information to all sorts of financial institutions and other data mining firms who use it to make decisions about us, like what kind of car or job that we might get. Corporations like Equifax rarely have to tell us exactly why or how these decisions are made. They get to hide behind proprietary models and trade secrets. It seems our laws protect big corporations' use of people's data a lot better than they actually protect people. As a recent breach demonstrates, enhanced cyber security measures at companies like Equifax may work perfectly yet still do little to protect consumers' data. 145 million people have had their private data exposed. It doesn't appear that any sensitive corporate data was accessed. Because these businesses are not accountable to consumers, and because consumers have no choice over what is, over who is collecting their information, consumer protection is pretty much an afterthought.
As we talk about the clearly inadequate protections for consumer data at Equifax and those in place at the other consumer reporting agencies today, we cannot forget that the real victims of this hack are the 145 million people, 5 million in my state alone, who, through no fault of their own, have had their personal information compromised. I hope at today's hearing we don't just talk about how we strengthen cyber security. We need to do that, of course. But we also need to explore how to restore people's control over their own information. We need to examine whether the credit bureau model makes sense for American consumers. We know the credit bureaus have a long history of consumer complaints and inaccurate reporting that has long-term effects on people's ability to get a job or get a house. Rather than addressing these problems, the credit bureaus have spent millions acquiring other data collection companies and branching out into new lines of business. Despite their continued failure, there's no other word to use, their continued failure to provide accurate credit reporting services, or to protect all of the data that they collect, these CEOs have been rewarded with enormous salaries and bonuses. Sometimes they come in front of us and say they're going to give up their bonus, as if that's a major concession. Now in an era of nonstop cyber threats, it seems like they made consumers even more vulnerable. Equifax made astounding amounts of money off of the consumer data it collected. It will hardly, unless things change, it looks like it will hardly pay a price for its recklessness. It's still collecting and storing our data. In some cases we're giving, in some cases, we're giving even tax dollars to do it. I look forward to today's witnesses' views on these matters. Thank you.

Thank you, Senator Brown. We'll now turn to our witnesses. First we will receive testimony from Mr. Andrew Smith, partner at Covington and Burling, on behalf of the Consumer Data Industry Association.
Then we will hear from Mr. Marc Rotenberg, president of the Electronic Privacy Information Center. And finally, we will hear from Mr. Chris Jaikaran. Did I pronounce that right? Mr. Chris Jaikaran, analyst in cyber security policy at the Congressional Research Service. Each witness is recognized for five minutes of oral remarks and then we will proceed to questions. Mr. Smith, you may proceed.

Thank you. Chairman Crapo, Ranking Member Brown and members of the committee, thank you for the opportunity to appear before you. My name is Andrew Smith, and I'm a partner in the law firm of Covington and Burling. I'm appearing today on behalf of the Consumer Data Industry Association, which is a trade association of companies that provide businesses with the information and analytical tools necessary to manage risk and to protect consumers. CDIA's members include the three national credit bureaus, Equifax, Experian and TransUnion. You've asked us to discuss how credit bureaus protect consumer data. First, I wanted to mention the important role played by the national credit reporting system in our economy. More than two-thirds of our GDP comes from consumer spending, fueled by consumer credit. It's the national credit reporting system that allows consumers to quickly and effortlessly open a bank account or purchase a cell phone. More than 40 of consumers move every year. And the national credit reporting system facilitates this mobility. In addition to providing fast, fair and impartial access to well-priced credit, insurance, apartment rental and other essential services. Nearly 50 years ago, Congress enacted the Fair Credit Reporting Act to ensure the fairness and impartiality of credit reports, to protect consumer privacy and to foster the continued development and vitality of the national credit reporting system. The most recent revision to this comprehensive regulatory scheme was the addition of the CFPB as a supervisory agency.
This is the first agency to directly supervise the national credit reporting system. Not just examining credit bureaus, but also examining the users of credit reports and the companies that contribute information into the credit bureaus. The CFPB's virtual continuous supervision of the credit reporting system began in earnest in early 2012, and, according to the CFPB, has produced, and I quote, a proactive approach to compliance management that will reap benefits for consumers and for lenders for many years to come. With respect to data security, credit bureaus are subject to federal and state laws requiring them to safeguard consumer data, and because of the key role they play in the banking system, they also are subject to very specific private data security requirements. Such as the Payment Card Industry Data Security Standards. To begin, credit bureaus are required by the FCRA to maintain procedures to ensure that they only provide credit reports to legitimate people for legitimate purposes. These credentialing requirements go beyond contractual certifications and include comprehensive due diligence of prospective customers, as well as continuous monitoring of existing customers. The FCRA also requires secure disposal of credit report information. In addition, the FTC's Safeguards Rule, as referred to by Chairman Crapo, under the Gramm-Leach-Bliley Act, requires financial institutions, including credit bureaus, to develop and implement comprehensive information security programs. The laws of at least 13 states similarly require companies to implement and maintain reasonable procedures to safeguard sensitive, personal information. Furthermore, almost every state requires that companies notify consumers when there is unauthorized access to or acquisition of sensitive personal information. Because of their important role in the banking system, credit bureaus are also subject to private contractual data security requirements.
For example, because the credit bureaus handle credit card information, the card networks, Visa, Mastercard, et cetera, require that they comply with the Payment Card Industry Data Security Standards. And validate such compliance by obtaining an independent, third-party audit of their security procedures. In addition, because banks provide a great deal of sensitive customer information to the national credit bureaus, they're required by their prudential regulators to conduct regular information security audits of the credit bureaus. These audits can include onsite inspections, which might last for several days. Each of the three national credit bureaus is subject to dozens of these bank reviews each year. CDIA shares with you the goal of ensuring that consumers and businesses have confidence in the ability of the national credit reporting system to keep consumer data safe. Thank you for the opportunity to testify, and we look forward to today's dialogue.

Thank you. Mr. Rotenberg.

Members of the Senate Banking Committee, thank you for the opportunity to speak with you today. My name is Marc Rotenberg, president of the Electronic Privacy Information Center. We are an independent, nonprofit research organization founded in 1994 to focus public attention on emerging privacy issues. I would like to begin by saying that the Equifax data breach is one of the most serious in our nation's history. On par with a 2015 data breach at the Office of Personnel Management that impacted more than 22.5 million federal employees, their families and friends. The Equifax breach poses enormous challenges to the security of American families, and even to our nation's security. There is no simple solution, but in my testimony today, I will outline the steps I believe that Congress can take to mitigate the risks that follow from the breach and reduce the danger and likelihood of future data breaches.
I should also say that the Equifax breach is remarkable, because of its scope, the sensitivity of the data, and the delay to fix a well-documented security flaw. More than four months passed from the time Equifax failed to install critical software updates. And the data that was disclosed is precisely the information that individuals rely upon to open bank accounts, get car loans, seek employment and buy cell p