Focal Point Academy Training Amenities

Focal Point Amenities Check out each of our training facilities, including nearby hotels and restaurants, or learn more about your…

The Equifax Settlement and Increasing Standards of Care Requirements

In September of 2017, Equifax, the largest of the three main credit reporting agencies, announced a data breach that exposed the personal information of 147 million consumers – almost 50% of the U.S. population. Due to a known, unpatched security vulnerability, hackers were able to gain access to a vast amount of unencrypted private consumer information, including names, Social Security numbers, dates of birth, credit card numbers, addresses, and even driver’s license numbers.

More than two years after the breach was reported, Equifax has now reached a $575 million global settlement (with the potential to reach $700 million) with the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB), and the 50 U.S. states and territories. Based on the agreement, Equifax will allocate $175 million to the 50 U.S. states and territories, $100 million to the CFPB, $300 million to a fund that will provide credit monitoring services for affected consumers, and an additional $125 million to a fund in the event the initial $300 million is not enough to compensate consumers for their losses. In addition to paying restitution to the millions of victims of the data breach, Equifax also agreed to provide seven years of free assisted identity restoration services and six free credit reports each year for seven years.

However, financial remedies are only part of the Equifax settlement agreement. Since the FTC alleges that Equifax violated the FTC Act and the Gramm-Leach-Bliley Safeguards Rule (GLBA) by failing to defend sensitive consumer data, the company is required to implement a comprehensive information security program. The program must be maintained for 20 years and protect the security, confidentiality, and integrity of consumers’ sensitive personal information.

This court ruling by the FTC against Equifax is only the beginning of the increased “Standards of Care” required for an organization’s cybersecurity program. As more organizations fall victim to a data breach and become involved in lawsuits or face regulatory actions, the courts will turn to this care benchmark to measure the organization’s practices and determine liability, fault, and punishment. Implementing these minimum Standards of Care set out by the FTC and updating your cyber insurance policies to include some, if not all, of these requirements will help protect your organization in the wake of an incident. In Part 1 of our series tracking popular settlement actions and court cases, we’ll take a closer look at the specifics of the information security program required for Equifax and how these requirements may enhance your company’s security program as well.

Christopher Jurs

Chris Jurs is the Vice President of Cybersecurity and Data Privacy at Focal Point.

Application Developer

Chris is a junior-level web developer who wants to learn new coding languages so he can expand his skillset.

News Article

Focal Point Wins Identity Excellence Award for Innovative Vendor Access Solution

Focal Point today announced it received Ping Identity’s coveted Identity Excellence award in the “Better Together” category.

Automating Manual Processes at a Fast-Paced Healthcare Company

A fast-paced healthcare company engaged Focal Point to assist with automating their various manual processes. The Company’s manual processes presented…

Data Protection in Thailand: A Summary of the PDPA

After several legislative attempts, the Thailand Personal Data Protection Act (PDPA) was finally approved by the Thai National Legislative Assembly in February 2019. Following the passage of the bill, the PDPA was published in the Royal Thai Government Gazette and came into effect on May 28, 2019. Companies now have one year to bring their practices into full compliance by May 27, 2020.

HPE’s Deputy CISO Discusses Cyber Workforce Development

This is the first episode in Focal Point's Practitioner Interview Series, in which Focal Point experts sit down with real-world security leaders to discuss strategies for overcoming common security challenges. Drew Simonis, Deputy CISO of Hewlett Packard Enterprise, graciously sat down with Focal Point's Justin Avery to discuss his strategy on hiring, training, and retaining employees on his cybersecurity team.

An Interview with HPE’s Drew Simonis: Cyber Workforce Development

This is the first episode in Focal Point’s Practitioner Interview Series, in which Focal Point experts sit down with real-world…