After Equifax breach, Langevin revives bill requiring companies to notify customers sooner

This July 21, 2012, photo shows Equifax Inc., offices in Atlanta. (AP Photo/Mike Stewart)

PROVIDENCE, R. I. (WPRI) – After 143 million Americans were affected by the Equifax data breach, opening their personal information up to hackers, U.S. Congressman Jim Langevin reintroduced a piece of legislation that requires companies to notify customers within 30 days of discovering a breach.

“Right now there’s a patchwork approach of 48 states that have different data breach standards,” Langevin said. “This would bring a uniform standard to data breach notification laws.”

According to Equifax, the breach lasted from mid-May through July. The credit reporting agency didn’t notify consumers until September.

Hackers stole names, Social Security numbers, birth dates, addresses, and even driver’s license and credit card numbers in some cases.

“Significant damage could be done and that’s really pretty outrageous,” Langevin said. “They should have, at the very least, have notified customers much earlier than what they did.”

Langevin says the sooner customers know about a data breach, the better.

“The sooner customers know about this, the more vigilant and proactive they can be in helping to protect themselves,” he said. “So we can hopefully prevent any further damage from being done.”

U.S. Sen. Sheldon Whitehouse is also backing the legislation to protect consumers’ credit by allowing people to correct errors on credit reports and by requiring data brokers, like Equifax, to improve privacy and security policies.

“I hope that the size and scope of this failure gets congress’ attention and that we are able to move in a big bipartisan way to give consumers better rights in this area,” Sen. Whitehouse said. “Said the other way, if we can’t do it after Equifax, then that’s a real problem.”