The Consumer Financial Protection Bureau announced a settlement with State Farm Bank, FSB for alleged violations which involved obtaining and furnishing consumer reports, which in some cases were inaccurate, to Consumer Reporting Agencies. The order finds that State Farm Bank, an Illinois federal savings association with over $10 billion in assets, violated the Fair Credit Reporting Act, the first U.S. Sectorial privacy law, and the Consumer Financial Protection Act in a number of ways.
The FTC announced a settlement with RealPage, Inc., a tenant background screening company, settling allegations that it violated the Fair Credit Reporting Act (FCRA) by failing to take reasonable steps to ensure the accuracy of the tenant screening information it provided to landlords and property managers.
The Equifax breach affecting as many as 143 million U.S. consumers highlights the segmented legal landscape surrounding data security as well as the challenges of regulating it. News reports indicate that federal agencies, including the FTC, and a number of state Attorneys General either are or have been called to investigate Equifax and a number of class actions have already been filed.
Some commentators have suggested that the Equifax breach requires a regulatory response, but it is not clear that regulation would have prevented the breach.