When New York Representative Alexandria Ocasio-Cortez tweets, her followers expect to see some pot-stirring against House Majority Leader Nancy Pelosi or a castigation of President Donald J. Trump. Last week, however, AOC took to Twitter to do some signal-boosting regarding Equifax’s newly announced $700 million settlement with the Federal Trade Commission (FTC).
The settlement is related to a 2017 data breach affecting roughly 145 million consumers in the United States. The incident exposed a variety of pieces of sensitive information to the prying eyes of hackers, including Social Security numbers, birth dates and credit card numbers. The terms of the settlement call for Equifax to pay benefits to consumers impacted by the breach and to beef up the company’s data security.
In a series of tweets, AOC notified her audience of the possibility of collecting a settlement check or acquiring free credit monitoring for 10 years. The lightning rod freshman legislator isn’t exactly a fan of credit reporting agencies in the first place. She has used the Equifax breach in the past to criticize the credit scoring system as “very broken.” Given her massive media reach and membership on the House Financial Services Committee, AOC finds herself in a unique position to agitate for overhauling the regulation of credit monitoring services, including their best practices for cybersecurity.
Following quickly on the heels of the Equifax announcement, was news that New York State had moved to expand its data breach notification laws, becoming the latest state to pursue aggressive legislative action around consumer privacy (the most prominent being the California Consumer Privacy Act). These examples are just a small taste of what legislators nationwide are wrestling with when it comes to meaningful data privacy reform, the pressing need for which was made evident in yet another massive settlement announced last week.
As the result of a long-running investigation into the mining of Facebook users’ personal information by notorious political consulting firm Cambridge Analytica, the FTC tagged Facebook with a massive $5 billion fine for the equivalent of security malpractice. (Netflix’s new documentary “The Great Hack” details the relationship between Cambridge Analytics and Facebook leading up to the 2016 election.)
Additionally, the tech industry giant faces a series of new security protocols and restrictions for its products. The settlement requires Facebook to “restructure its approach to privacy from the corporate-board level down, and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy, and that those decisions are subject to meaningful oversight.” Notably, the order creates an independent privacy committee on the company’s board of directors to discontinue “unfettered control by Facebook’s CEO Mark Zuckerberg over decisions affecting user privacy.” FTC Chairman Joe Simons couched the settlement as an effort to “change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
The Washington Post editorial board scoffed at the idea that the FTC settlement would do much to force Facebook to clean up its act, boiling the order’s remedies down to “pocket change” and “more paperwork.” Whether the social media company finds itself chastened by this incident, the Post’s thoughts on the matter seem to sum up a mounting sense of frustration with the cavalier and clumsy ways that Facebook, Equifax and other companies handle consumer data. Once policymakers get serious about crafting serious privacy laws – with sharp teeth for violations – their constituents will likely welcome them with relief.