Senate Banking Chairman Michael D. Crapo said Tuesday his staff was studying the data breach at Equifax, but he hasn’t decided whether to hold a hearing on the issue and he wasn’t sure if the breach would affect the Republican effort to repeal the Consumer Financial Protection Bureau’s arbitration rule.
The Idaho Republican led a committee hearing Tuesday on a separate issue — the promise and the dangers of the burgeoning financial technology industries, like blockchain and mobile lending — but the event was overshadowed by the breach that Equifax has said may have resulted in the theft of personal information of up to 143 million Americans.
“With all the potential for fintech to improve the financial services sector, the industry is still relatively new,” Crapo said. “Uncertainty remains around questions like data security and the proper regulatory treatment to ensure that consumers and the financial system are safeguarded. The recent Equifax data breach reminds us of the critical need to ensure that areas like data security are given proper attention.”
Talking to reporters after the hearing, Crapo acknowledged he had been asked to hold a hearing on Equifax. Ten of 11 Democrats on the Senate Banking Committee signed a letter asking him to do so. Two House committees — Financial Services and Energy and Commerce — have already announced intentions to hold hearings.
“We are investigating at a staff level and in other ways,” Crapo said. “I haven’t made a decision yet on whether to hold a hearing.”
Banking ranking member Sherrod Brown was the only committee Democrat who didn’t sign the letter, but devoted much of his opening statement Tuesday to blasting Equifax. The Ohio senator complained that Equifax is offering those potentially harmed by the data breach, which included names, birth dates, Social Security numbers and in some cases credit card numbers, only one year of free credit monitoring.
“One year of credit monitoring cannot be expected to undo the damage of this breach,” Brown said, noting that after the 2015 breach of the Office of Personnel Management of 4.2 million current and former federal employees, Congress approved 10 years of free credit monitoring.
“We cannot accept any less for the people we serve,” he said.
Brown said he appreciated Equifax’s removal of the mandatory arbitration clause it had attached to TrustedID, the free credit monitoring product being offered. Until the removal, the company had effectively said it would provide protection from its own breach only if consumers waived the right to join a class action suit over the product that would safeguard consumers from effects of the breach.
Calling that “a step in the right direction,” Brown noted it remains unclear whether consumers can join together and sue the company because arbitration clauses are attached to other Equifax products and on the use of its websites.
Crapo said he didn’t know whether the political furor over the Equifax data breach would alter Republicans’ approach to bringing a resolution to the floor that would repeal the CFPB’s rule barring companies from making arbitration mandatory in consumer contracts.
Companies currently use the mandatory arbitration clause to prevent customers from joining class-action lawsuits. The CFPB rule is a final rule, but it doesn’t go into effect until Monday. Companies, however, have until March 2018 to come into compliance with it.
Crapo had said last week he expected the measure to come to the floor soon and he expected it to pass. The same resolution passed the House without a single Democratic vote in July. “As you saw in the hearing today, some of the senators are raising the fact that Equifax had arbitration clause language in some of its products,” Crapo said after the hearing. “They’re trying to make an issue there.”