{"id":5229,"date":"2017-09-17T23:55:04","date_gmt":"2017-09-18T03:55:04","guid":{"rendered":"http:\/\/ncjolt.org\/?p=5229"},"modified":"2020-06-04T20:52:53","modified_gmt":"2020-06-04T20:52:53","slug":"equifax-unfortunate-reminder-inadequate-remedies-protections-identity-fraud","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/equifax-unfortunate-reminder-inadequate-remedies-protections-identity-fraud\/","title":{"rendered":"Equifax an Unfortunate Reminder of the Inadequate Remedies and Protections for Identity Fraud"},"content":{"rendered":"

Identity fraud is undoubtedly something to fear, as a consumer. Stories of the difficulties in getting one\u2019s life back are likely familiar to most, possibly from TV commercials or personal relations with victims. And of course, no one wants it to happen to themselves. But with the increasingly digital nature of the world, data hacks are becoming more and more<\/a> a part of life. Despite this fact, and as recent events show, resources and protections for consumers (especially those who become victims) have not really improved.
\nAt the beginning of September, Equifax revealed to the general public that it was the target of a major hack<\/a> which exposed nearly half<\/a> of all Americans to potential identity theft. Equifax<\/a> is one of the three major credit report agencies used by many Americans. Consequently, information which may have been stolen includes<\/a> social security numbers, driver\u2019s license numbers, names, birth dates, addresses, credit card numbers, and documents used in past disputes.
\nWhile this most recent data hack is certainly not the largest the United States has seen in recent years (Yahoo\u2019s two<\/a> were much larger), Equifax\u2019s breach has the potential to be much more devastating to its victims. This time, the data stolen from Equifax contains much more personal information that that stolen from Yahoo \u2014 information that could lead hackers to access<\/a> medical records, bank accounts, and employee accounts. This, for example, would mean that if the thief in possession of a victim\u2019s personal information took out a prescription<\/a>, it would go on the victim\u2019s medical record and cause issues regarding future hospital visits or prescription needs. Alternatively (or additionally), the thief could rack up traffic violations<\/a> under a driver\u2019s license in the victim\u2019s name. In a truly horrific scenario, victims of complex identity fraud have even found criminals serving prison sentences<\/a> under the victim\u2019s name.<\/p>\n

It is unquestionable that identity fraud is a terrible and terrifying situation for the victims. So, with nearly half of the country now at risk, what recourse does one have? Not very much, as it turns out.<\/p><\/blockquote>\n

Equifax, after revealing the hack, announced it was offering<\/a> potential victims free credit monitoring for up to one year. However, not only does this offer come many weeks<\/a> after the hack was discovered (and possibly months<\/a> after it happened), but initially<\/a> this free service required providing credit card information upfront, requiring users to pay for the service unless they preemptively cancelled it a year from now. To add insult to injury, the initial offer required<\/a> users to agree to an arbitration clause (which would waive consumer\u2019s rights to benefit from a class action, amongst other things) in order to take advantage of the free service. Both requirements were relaxed in response<\/a> to public scrutiny, with Equifax removing<\/a> payment requirement from the sign up and then offering<\/a> an opt out of the arbitration clause (though it is worth noting that one must notify<\/a> Equifax, by mail, within 30 days of the agreement in order to successfully opt out).
\nWhile the Consumer Financial Protection Bureau called Equifax\u2019s arbitration clause \u201ctroubling<\/a>,\u201d it isn\u2019t all that uncommon for companies to include such a thing; largely because it often benefits the company. But forcing people to waive legal rights, particularly in response to a situation that is quite possibly, at least in some manner, the fault of the company, is rather distasteful (even if the clause may not actually be enforceable<\/a>). Currently, a rule which would prevent<\/a> these arbitration clauses from being forced onto consumers is set to apply starting in March. Unfortunately, however, it appears there is a chance Congress may repeal<\/a> it before it goes into effect, as the House has already voted to repeal and the Senate could do so in the coming weeks.
\nPossibly even more important than the post-hack issues are the problems which helped to allow the hack to happen in the first place. Despite the incredibly sensitive and powerful information that Equifax (as well as similar companies) stores, Equifax has minimal<\/a> oversight and regulations placed upon it. For example, when the tax company TaxSlayer<\/a> was hacked earlier this year, they did not even have to pay a financial penalty due to the fact that it was their first offense in breaking the particular rule they violated.
\nWith the lack of oversight and regulatory control resulting in little chance of breaches being prevented and limited options after the fact, the onus is really on consumers to protect themselves \u2014 which, considering how life-changing identity fraud can be, seems much too inadequate as a solution.<\/p>\n","protected":false},"excerpt":{"rendered":"

Identity fraud is undoubtedly something to fear, as a consumer. Stories of the difficulties in getting one\u2019s life back are likely familiar to most, possibly from TV commercials or personal relations with victims. And of course, no one wants it to happen to themselves. But with the increasingly digital nature of the world, data hacks …<\/a><\/p>\n","protected":false},"author":1,"featured_media":5230,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5229"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=5229"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5229\/revisions"}],"predecessor-version":[{"id":7060,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5229\/revisions\/7060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5230"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=5229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=5229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=5229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}