09.12.17

Durbin, Franken, Cortez Masto To Equifax: End Use Of Consumer-Harming Forced Arbitration Clauses

Senators Also Ask Equifax If It Supports New Consumer Financial Protection Rule That Would Limit Forced Arbitration

WASHINGTON – U.S. Senate Democratic Whip Dick Durbin (D-IL) joined Senator Al Franken (D-MN) and Senator Catherine Cortez-Masto (D-NV) in pushing Equifax—the massive credit bureau that recently made public a data breach affecting 143 million Americans—to completely end its use of forced arbitration agreements, which limit the ability of consumers to pursue justice in a public court of law or challenge widespread corporate wrongdoing.

Equifax, one of the three biggest credit bureaus in the United States, stores personal information ranging from social security numbers to home addresses and tracks the consumer financial information—like loans and credit card payment history—that serves as the basis for Americans’ credit scores. Late last week, Equifax broke the news that their databases were breached in a massive cybersecurity attack earlier this summer, compromising the sensitive information of approximately 143 million Americans. 

Shortly after the announcement, several news reports revealed that the terms of use for Equifax’s credit monitoring and identity theft product TrustedID, offered to those affected by the breach, included a clause that forces wronged consumers into private arbitration proceedings and limits the ability of Americans to band together in class-action suits against Equifax. Due to public pressure, Equifax scrapped that TrustedID arbitration clause. But disturbingly, Equifax’s overarching terms of service—which covers all of its websites and services—still includes a similar clause.

In a letter, Senators Durbin, Franken, Cortez Masto, and 17 of their colleagues pressured Equifax CEO Richard Smith to drop support for and use of forced arbitration agreements. The Senators also called on Equifax to explain whether or not it supports a new rule from the Consumer Financial Protection Bureau (CFPB) to limit the use of forced arbitration in the financial services sector.  

“Forced arbitration provisions in consumer contracts erode Americans’ ability to seek justice in the courts by forcing them into a privatized system that is inherently rigged against consumers and which offers virtually no way to challenge a biased outcome. Forced arbitration clauses, like the one that appeared in the TrustedID Terms of Use, require consumers to sign away their constitutional right to seek accountability in a court of law,” the senators wrote. “Although Equifax has since removed the clause from the TrustedID Terms of Use – a move we applaud – we are concerned that the company may still support the use of forced arbitration more broadly.”

The letter, which you can read below or by clicking here, was also signed by Senators Tom Udall (D-NM), Ed Markey (D-MA), Richard Blumenthal (D-CT), Mazie Hirono (D-HI), Jack Reed (D-RI), Elizabeth Warren (D-MA), Bob Menendez (D-NJ), Tammy Baldwin (D-WI), Mark Warner (D-VA), Sherrod Brown (D-OH), Ron Wyden (D-OR), Heidi Heitkamp (D-ND), Cory Booker (D-NJ), Patty Murray (D-WA), Patrick Leahy (D-VT), Chris Van Hollen (D-MD) and Martin Heinrich (D-NNM).

September 11, 2017

Mr. Richard F. Smith, CEO

Equifax, Inc.

Dear Mr. Smith: 

We are writing to request information on Equifax’s announcement that 143 million U.S. consumers may have had their personal data compromised, as well as Equifax’s initial inclusion of a pre-dispute, mandatory (“forced”) arbitration clause in the Terms of Use agreement for TrustedID Premier – Equifax’s identity theft protection product. In response to significant public outcry regarding Equifax’s apparent attempt to retroactively limit liability for the breach by forcing potential consumer complaints into individual arbitration proceedings, the company took the very important step of removing the arbitration clause from the TrustedID agreement.

While we appreciate Equifax’s speedy response, the breach, as well as the public reaction to the company’s use of forced arbitration, underscore the need for the Consumer Financial Protection Bureau’s (CFPB) recently finalized rule that would prospectively limit the use of forced arbitration clauses and reopen the courtroom doors for consumers. As such, we ask that you clarify your position on the CFPB’s rule, and whether, in the wake of this unprecedented breach of consumers’ personal and financial information, your company supports legislation that would deny consumers access to a court of law.

Last week, Equifax announced that between mid-May and July of this year, cyber criminals gained access to certain Equifax files, including the personal information of potentially 143 million U.S. consumers. Specifically, “[t]he information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”[1] In response, Equifax offered “complimentary” access to TrustedID Premier, which purports to help consumers determine if their personal information was impacted and provides them with credit monitoring and identity theft protection. Unfortunately, the TrustedID Premier Terms of Use included a forced arbitration agreement providing that all legal claims “arising from or relating to the subject matter” of the agreement must be settled by individual arbitration – a clause that has since been removed.[2]

Forced arbitration provisions in consumer contracts erode Americans’ ability to seek justice in the courts by forcing them into a privatized system that is inherently rigged against consumers and which offers virtually no way to challenge a biased outcome. Forced arbitration clauses, like the one that appeared in the TrustedID Terms of Use, require consumers to sign away their constitutional right to seek accountability in a court of law. These clauses also frequently include a prohibition on participation in a class action, language which strips consumers of the right to band together with other consumers to challenge widespread wrongdoing or illegal acts. 

In the current context, Equifax’s arbitration clause could have prevented those who accessed Equifax’s “free” TrustedID Premier product to verify whether they were affected by the data breach from banding together with others affected to seek justice in a court of law. The effects of the breach are not yet widely known, but it is foreseeable that consumers could have claims related to breaches of statutory and common law duties to safely store and continually secure consumers’ personal and financial data. Although Equifax has since removed the clause from the TrustedID Terms of Use – a move we applaud – we are concerned that the company may still support the use of forced arbitration more broadly. 

Indeed, Equifax’s Product Agreement and Terms of Use on its main site continues to include a forced arbitration clause preventing class actions. The product agreement states that it “contains the terms and conditions upon which you may purchase and use products through the www.equifax.comwww.identityprotection.com and www.idprotection.com websites and all other websites owned and operated by Equifax.”[3] Given that the TrustedID website is owned and operated by Equifax, we urge you to remove the offending clause from the landing page’s product agreement as well. Consumers who are rightfully concerned about their financial wellbeing deserve the certainty of knowing that using the TrustedID Premier product – even just to determine if their information has been compromised – won’t be surrendering constitutional rights and effectively immunizing Equifax from accountability. At the very least, Equifax must explicitly state that the arbitration clause does not and will not govern any claims arising out of the breach that occurred between May and July of this year.

Moreover, Equifax is currently lobbying the United States Senate related to the CFPB’s rule that would prospectively limit the use of forced arbitration clauses.[4] Presumably, Equifax is seeking to reverse the CFPB’s rule and limit their liability via repeal legislation, S.J. Res 47. We therefore ask that Equifax clarify its position on this legislation following the breach. We are hopeful that Equifax will use this unfortunate event to reconsider its broader support of pre-dispute, forced arbitration.

Thank you for your prompt attention to this important matter.

Sincerely,

 

-30-

[1] Cybersecurity Incident & Important Consumer Information, Equifax, Inc. (Sept. 7, 2017), https://www.equifaxsecurity2017.com/.

[2] TrustedID, TrustedID Premier Terms of Use, Equifax, Inc. (Sept. 6, 2017), https://trustedidpremier.com/static/terms.

[3] Terms of Use, EQUIFAX, INC. (MAY 2, 2017) http://www.equifax.com/terms/.

[4] Lobbying Disclosure Act Report, Equifax, Inc. (Q1 2017), https://soprweb.senate.gov/index.cfm?event=getFilingDetails&filingID=C7ED6B0C-ADFA-41A1-A972-8BBE62A01F35&filingTypeID=51.