Dan M. Clark reports on six major actions Equifax agreed to take to settle eight states’ charges against them over the 2017 data breach. From his report, because I cannot find a copy of the actual consent decree online just yet:
- The company’s board members will have to review and approve a written risk assessment plan for future digital threats.
- Equifax will also have to improve oversight of its information security program.
- The board is also tasked with reviewing digital security policies and keeping them up to date and applicable to current threats.
- An audit committee of the Equifax board will also be tasked with evaluating information technology controls at the company.
- Similar rules apply to vendors with the company.
Read more on New York Law Journal.
Updated: You can read the consent order here (pdf).