Credit information ReportLoan Information Report
State of California is proposing a new liability regime for companies trading in credit.
California's legislature is considering the adoption of the Assembly Bill 1859 ('AB 1859'), which would introduce significant new safety requirements for credit bureaus and businesses working with such credit bureaus. According to AB 1859, credit bureaus and their suppliers would be obliged to update their IT infrastructure, be proactive in identifying and correcting weaknesses and test their IT infrastructure on a regular basis.
Any credit bureau or agent who does not take these actions and consequently violates privacy could be held responsible for criminal sanctions, damage and legal costs. This legislative proposal introduces special requirements and sanctions to mitigate the damage done by infringements of privacy related to credit information for consumers.
According to AB 1859, a credit reference bureau or agent who holds or manages the personally identifiable information of a California-based company is obligated to perform weak -point fix upgrades. California Civil Code 6, which requires credit bureaus and vendors to perform security fixes within three working days of discovery and to take appropriate measures to minimize the risks of non-compliance until such fixes are used.
In the event that any credit bureau or agent does not take such action and commits a noncompliance, California resident persons whose information is affected shall be considered as actually infringed and shall be eligible for criminal sanctions, damage and attorneys' costs. The California C. C. Section 1798. Section 84 establishes the limits of civilian sanctions that can be collected at $3,000 for any wilful, deliberate, or ruthless offence.
California citizens can reclaim up to $500 per violation for other offences. Currently, this section defines sanctions for other kinds of non-compliance and unauthorised disclosure and provides a system under which possible sanctions can be accurately foreseen. As set out below, however, the Bill aims to improve this system by extending liabilities to credit bureaus and their subcontractors, introducing new liabilities and enabling affected California citizens to collect more than just civilian sanctions.
In response to the widely published 2017 Equifax non-compliance, AB 1859 changes the current regulatory environment in several ways that are more expansionary than earlier California and state legislation. Contact both credit reference agencies and companies that work with credit reference agencies providing information on California-resident individuals on California credit reference agencies' behalf. Please contact the credit reference agency for more information.
Demand credit bureaus and subcontractors to remedy known weaknesses within three workingdays after detection. Ask credit bureaus and suppliers to "quickly pinpoint, prioritise and remedy the most risky vulnerabilities" to decrease the probability that they will be used. Ask credit bureaus and vendors to "test the effects of reduction actions and product upgrades.
" Permit affected California citizens to receive compensation for "any violation" in excess of civilian fines and attorneys' costs. "Taken together, these changes put a whole new category of businesses under safety and responsibility if they sustain a violation. Credit reference agencies for consumers, as well as any business that concludes agreements with these credit reference agency or uses credit reference information, could have significant implications if they do not upgrade and test their schemes.
Thus, OJ 1859 introduces a new rule under which credit bureaus and suppliers must spend more complying with the rules in terms of timing and resource and, in the event of a possible infringement, must expect ever greater and less foreseeable repercussions. When this warning was written, OJ 1859 was currently in the assembly floor and could be put to the vote this weekend.
Even though it would still have to go through the California State Senate and be autographed by Gov. Brown, businesses dealing with credit information should take note now. It is an aggresive reaction to what many states see as a default to blame credit bureaus and their subcontractors for safeguarding their schemes and dealing with weaknesses.
When the AB 1859 becomes effective, it could be used as a template for other countries to track and substantially alter the distribution of risks and liabilities in sectors that use credit reference information. Maybe just as important, it can result in significant punishments for the careless.