Skip to main content

Former Equifax  (EFX) - Get Equifax Inc. Report  CEO Richard Smith's two-day Congressional tour of atonement got off to a rocky start on Wednesday. 

Rep. Greg Walden (R-Ore.) noted the difficulty of passing legislation that "fixes stupid" during Smith's visit to the House Energy and Commerce Committee. Ranking Member Jan Schakowsky (D - IL), who is co-sponsoring new data protection legislation, informed Smith, "Equifax deserves to be shamed in this hearing."

Shares of Equifax Inc. actually gained 2.9% to $110.94 on Tuesday, though the stock has dropped more than 22% since disclosing the massive breach in early September. 

Though Smith is in the hot seat for Equifax's massive breach of consumer information related to credit scores,CEOs in any number of businesses that profit from personal data should take note. As the far-reaching Sarbanes-Oxley Act followed the accounting scandals from 2000 to 2002, similar rules could emerge to protect consumer data. 

"Just like Sarbanes-Oxley requires publicly traded companies to have the CEO and CFO sign off on the accuracy of financials I think ultimately you will get to the same place where it won't just be banks and financial institutions and insurance companies that are required to provide a certification," said Scott Vernick, a partner at Fox Rothschild LLP . 

The onus, Vernick suggested, would fall on "data rich" companies that collect names, email addresses, Social Security Numbers, driver's license numbers, personal financial information, and even data on political affiliation, religion or ethnicity. 

Merchants, for instance, now have to sign off on their compliance with payment card information, or PCI, data security standards set up by the card associations. Eventually, companies in various industries might have to make some kind of notice or affirmative statement that they have met a threshold of consumer data security, according to Vernick.

More of What's Trending on TheStreet:

TheStreet Recommends

"Not only do I think you will see greater regulation and oversight of the three [credit ratings agencies]," Vernick said. "The broader lesson is that just given the way in which data has become so important to companies and given the way I think data governance is trending, these are some of the things that are in store for businesses generally."

As Energy and Commerce Committee Chairman Bob Latta (R-Ohio) reminded Smith on Tuesday, Equifax's breach jeopardized 44% of the total U.S. population. While the security failures at Equifax are exceptionally large and involve particularly sensitive consumer data, major breaches such as the recent events at Inc.'s (AMZN) - Get, Inc. ReportWhole Foods and fast-food chain Sonic Corp. (SONC) have become weekly or even daily events. 

"These breaches of personal data are a sad but clear example of what economics refers to as 'negative externalities,' which are costs to third parties -- consumers in this case -- of decisions made by others =- companies that didn't protect the data appropriately," Fernando Montenegro, Senior Analyst for Information Security at 451 Research, said in an email.

"Economics has taught us that regulations are one way to address these negative externalities, so we can easily see a scenario where the cause of better regulation for handling consumer data gets more traction in the public sphere," he said. "As other jurisdictions pick up on this -- the European data protection regulations are commonly cited -- we expect the interconnected nature of today's world to raise the likelihood of having similar requirements enforced here, too."

Cloud computing and data analytics software have turned consumer data into a valuable asset. Cyber thieves understand that value, especially when it involves financial information. Montenegro noted that maintaining such "large pools of data also imposes costs and responsibilities, and that we need to constantly navigate the balance between the two - costs and benefits."

If chief executive officers, chief security officers and other corporate leaders missed Smith's testimony on Tuesday, they'll get another chance on Wednesday. Smith testifies before the Senate Banking, Housing and Urban Affairs Committee in the morning, and takes part in a Judiciary Committee meeting on privacy and technology in the afternoon.

More of What's Trending on TheStreet:

Editors' pick: Originally published Oct. 4.