New Regulations Demand Answers in Real Time for Impacted New Yorkers
Requires Consumer Credit Reporting Agencies to Disclose Attempts to Profit on the Backs of Affected Consumers
Governor Andrew M. Cuomo today directed the New York Department of State to issue new regulations holding consumer credit reporting agencies accountable to the public. The regulations, adopted on an emergency basis and effective immediately, require consumer credit reporting agencies to respond within 10 days to requests made by the Department of State's Division of Consumer Protection on behalf of consumers.
"Consumer credit reporting agencies have a duty to deal fairly and honestly with all consumers, and here in New York, we will ensure the best protections are available to any victim of deceit," Governor Cuomo said. "The current status quo of allowing consumers to be penalized for having their data breached is unacceptable, and with the addition of these new protections, this administration will hold agencies accountable and help protect New Yorkers and their financial future."
The new regulations to protect consumers:
- Require consumer credit reporting agencies to identify dedicated points of contact for the Division of Consumer Protection so the Division can obtain vital information necessary to assist New York consumers;
- Require a timely response—within 10 days—by consumer credit reporting agencies to information requests made on behalf of consumers by the Division of Consumer Protection;
- Require consumer credit reporting agencies to file with the Division of Consumer Protection, and to plainly disclose to consumers all fees associated with the purchase or use of products and services marketed as identity theft protection products, including when those products are originally offered for "free"; and
- Require consumer credit reporting agencies to file with the Division of Consumer Protection a list and description of all business affiliations and contractual relationships they have with companies marketing credit monitoring and related products.
The regulations are available online here.
Secretary of State Rossana Rosado said, "We take very seriously our role to protect consumers from economic harm. The Department of State, Division of Consumer Protection will work tirelessly on behalf of affected New Yorkers to ensure they have the information they need to make informed choices about how to prevent identity theft resulting from this data breach. These regulations also put in place a common-sense framework to help ensure consumers have access to timely assistance in the event of future breaches."
The Division of Consumer Protection will also issue a demand letter to Equifax for vital information necessary to help the Division properly assess the damage and risk of identity theft to New York State consumers resulting from the data breach.
Governor Cuomo's action complements proposed regulations recently issued by the New York Department of Financial Services, which established a registration requirement for consumer credit reporting agencies, and mandated compliance with the state's first-in-the-nation cybersecurity standards. Under those rules, New York State-regulated financial institutions are prohibited from furnishing any information to non-compliant consumer credit reporting agencies.
The Department of State is charged under statute with coordinating the consumer protection activities of all state agencies, and may undertake investigations of matters affecting the interests of consumers. The Department of State will work closely with the Department of Financial Services as the state continues to review the Equifax breach, and any additional steps that should be undertaken to help consumers prevent identity theft.
For additional about the Division of Consumer Protection, request information or to file a consumer complaint, visit www.dos.ny.gov/consumerprotection or call the Consumer Assistance Helpline at 800-697-1220. The Division can also be reached via Twitter at @NYSConsumer and Facebook at www.facebook.com/nysconsumer.