In the months before revealing a data breach that potentially exposed the personal information of nearly half the adult U.S. population, Equifax Inc. turned to the firm Akin Gump Strauss Hauer & Feld in Washington to help convince U.S. lawmakers to reduce penalties for companies that violated the federal fair credit-reporting law.
Akin Gump, long among the lobbying revenue leaders for Washington firms, has advanced a variety of interests for the Atlanta-based Equifax, now reeling from a cybersecurity breach that exposed upward of 143 million consumers’ Social Security numbers, birthdates and other personally identifiable information. Numerous lawsuits were filed alleging violations of the Fair Credit Reporting Act, or FCRA.
In a U.S. Senate disclosure, dated June 30, Akin Gump identified “FCRA liability reform” in a summary of lobbying services for Equifax, which paid the firm about $40,000 in a three-month span this year. Lobbying records show Equifax first hired Akin Gump in March 2015; the firm has lobbied on other issues, including verifying eligibility for health coverage under the Affordable Care Act. Partners Jeff McMillen and Jamie Tucker have done much of the work for Equifax. Neither was reached for comment Monday.
Equifax’s lobbying disclosure for the period between April and June said the company had lobbied on a pending U.S. House bill—the “FCRA Liability Harmonization Act”—that would limit class action damages for violations of that law. The company often relies on its own in-house government affairs team.
Proposed by U.S. Rep. Barry Loudermilk, R-Georgia, the bill would reform the Fair Credit Reporting Act to limit consumer remedies in class actions and eliminate punitive damages. Just hours before the Atlanta-based Equifax announced the data breach, the House Financial Services Committee was debating the Georgia Republican’s proposal.
Loudermilk said in May, when he announced the bill, that he wanted to curb alleged abuses in the court system and align the Fair Credit Reporting Act with other consumer protection laws that cap damages.
Cybersecurity Lobbying Spend
Equifax reported $500,000 in lobbying records through the first half of this year not only on Loudermilk’s bill but also on issues such as data security, breach notification, “data breach response” and “cybersecurity threat information sharing.”
The company drew criticism for waiting until last week to disclose the breach after learning of it in July. As the Wall Street Journal reported last week, most states have requirements for data-breach notification, but companies and industry groups have pushed for a federal standard.
Law professor Eric Chaffee told CNN last week: “It’s pretty remarkable how long Equifax has been aware of the problem and did not disclose it. The main problem here is the failure to disclose a catastrophic cyberattack that compromised the information that is at the heart of Equifax’s business model. This created a duty to disclose this attack in a timely fashion to investors, potential investors, and those whose data was compromised.”
Taking on the CFPB’s Arbitration Rule
Equifax has also lobbied on the Consumer Financial Protection Bureau’s rule to ban arbitration agreements that prevent consumers from filing class actions. Last week, Equifax came under criticism for tucking an arbitration clause into the terms for the free credit monitoring service it is offering in light of the data breach. The company soon amended the terms of service to let consumers opt out.
Among the other bills on Equifax’s lobbying radar: the Financial Choice Act, a bill by House Financial Services Chairman Jeb Hensarling that would strip the CFPB of key enforcement and supervisory powers while also empowering the president to readily fire the agency’s director. Hensarling’s bill would also shut down public access to the agency’s database of consumer complaints.
Equifax reported lobbying last year on proposals to force the CFPB to verify the accuracy of consumer complaints before posting them on the database.
According to disclosure forms, Equifax has paid the firm Arnall Golden Gregory about $240,000 through the first half of this year to lobby on matters including “Consumer Financial Protection Bureau oversight” and immigration issues related to electronic verification of employment eligibility.
The CFPB has regularly named Equifax, along with the credit-reporting rivals TransUnion and Experian, as among the top drivers of consumer complaints.
In January, Equifax and TransUnion agreed to pay $3.8 million and $13.9 million, respectively, in restitution to consumers whom the companies allegedly deceived. Equifax and TransUnion also paid respective civil penalties of $2.5 million and $3 million, without admitting or denying allegations that they misrepresented the usefulness of the credit scores they marketed.