Prof. Jayanth R. Varma's Financial Markets Blog

About me       Latest Posts       Posts by Year       Posts by Categories

Should Equifax be shut down?

The US and India are among the few countries that still retain the death penalty for people, and they should have no qualms about imposing the death penalty on companies. Equifax might be a good candidate for this drastic action after the massive data hack that has been described as the worst leak of personal info ever.

There is probably no criminal activity involved, and so nobody can be sent to jail. Fines and penalties will doubtless be imposed, but companies like Equifax tend to think of any fines as simply the cost of doing business and do not find it a sufficient deterrent. They will continue to spend too little on cyber security. There is little that consumers can do to discipline them either. Adam Levetin at Credit Slips hits the nail on the hand:

Equifax didn’t lose customer records. It lost consumer records. That’s an important distinction, and it goes to the heart of the problem with the CRAs. Consumers can, in theory, avoid harm from a data security breach at a merchant by not doing business with the merchant.

...

It’s not possible for a consumer to withhold business from a CRA because the consumer does not have a business relationship with the CRA. And this is the key problem: we have a consumer financial services market in which consumers cannot vote with their pocketbooks.

A threat far bigger than fines and penalties is needed to force financial firms to take security of consumers seriously. The only credible threat is that of shutting down the company and simultaneously imposing a penalty large enough to ensure that neither shareholders nor creditors of the company receive anything in the liquidation.

Posted at 9:32 pm IST on Wed, 13 Sep 2017         permanent link


Comments

Comments