The state of Maryland has entered into multiple settlements with Experian over data breaches.

The Maryland Attorney General’s Office and those in 39 other states announced two separate settlements with Experian and a subsidiary recently over the companies’ handling of personal information. Experian failed to notify customers regarding data breaches in 2010 and 2015.

Experian has paid penalties and agreed to improve its data handling and security as part of the settlement.

Brian Frosh, Attorney General, said to ensure the new methods are effective, Experian will hire outside firms to audit its data practices.

“There will be monitors in place whom they will hire to look over their shoulders which will be looking at how they’re doing and what they’re doing,” Frosh explained.

Experian did not respond to our request for comment.

A few states have enacted comprehensive data privacy laws. Maryland’s Personal Information Protection Act is not comprehensive but has been strengthened since its implementation in 2008. Now the law mandates data aggregators such as Experian to notify customers about data breaches within ten days of discovery.

When asked if Congress and state legislatures should enact more strict data protection and privacy laws, Frosh said yes, and pointed to biometric data.

“You can now get your DNA tested. It goes into a database somewhere. It may be sold to other entities,” Frosh outlined. “We think that should be included among the things that are protected within the scope of the personal information that people need to take special care of.”

The settlement requires Experian to offer affected consumers five years of free credit monitoring services. For more info on data privacy and security and other consumer services, visit the Attorney General’s Identity Theft Unit website.


Leave a comment

Leave a Reply