(UPDATED) Equifax Agrees to New Data Breach Safeguards in Consent Order With State Regulators
Dan M. Clark reports on six major actions Equifax agreed to take to settle eight states’ charges against them over the 2017 data breach. From his report, because I cannot find a copy of the actual consent decree online just yet:
- The company’s board members will have to review and approve a written risk assessment plan for future digital threats.
- Equifax will also have to improve oversight of its information security program.
- The board is also tasked with reviewing digital security policies and keeping them up to date and applicable to current threats.
- An audit committee of the Equifax board will also be tasked with evaluating information technology controls at the company.
- Similar rules apply to vendors with the company.
Read more on New York Law Journal.
Updated: You can read the consent order here (pdf).