Press Releases

Washington, D.C. — U.S. Senators Marco Rubio (R-FL), Chris Coons (D-DE), John Kennedy (R-LA), and Raphael Warnock (D-GA) reintroduced the Small Business Credit Protection Act, legislation that would require credit bureaus to inform small businesses of a nonpublic personal data breach within 30 days. The bill would also prohibit credit bureaus from charging small businesses for a credit report within 180 days following a breach. In response to the 2017 Equifax data breach, Congress amended the Fair Credit Reporting Act to enhance some federal credit protections for “consumers.” However, business credit is excluded from the statutory definition of “consumers” and thus, while small businesses’ nonpublic information was subject to the breach, the changes did not apply to those using business credit. Rubio first introduced this legislation in November 2018. Congressman Gregory Steube (R-FL) will introduce companion legislation in the U.S. House of Representatives.  
 
A one-pager of the bill is available here.
 
“The federal government must uphold the trust that Americans need to fully participate in our economy,” Rubio said. “My legislation, the Small Business Credit Protection Act, would ensure that small businesses receive protections in cases of a security breach. I urge my colleagues to join me in passing this bipartisan bill so that we can continue to protect America’s small businesses – the cornerstone of our economy.”
 
“Entrepreneurs need to build and maintain healthy credit as they grow their businesses,” Coons said. “That’s why it is so vital that government help protect the private credit information of small business owners, just as they do for consumers. I’m proud to introduce the bipartisan Small Business Credit Protection Act, which ensures if a small business’s private data is breached, business owners will be notified by credit bureaus just as swiftly as individuals are.”
 
“We’ve taken important steps to protect consumers, but small businesses’ credit data have also been compromised, and they deserve protection,” Kennedy said. “Consumers and mom-and-pop businesses are counting on us to safeguard their data privacy when new threats arise every day.”
 
“As small businesses in Florida and around the country begin to recover from last year’s challenges, we need to do our part to help them by holding credit bureaus accountable for their failures,” Steube said. “This legislation is an important step that direction through ensuring that our small businesses have access to the tools and information necessary to protect consumers from breaches.”
 
Following the Equifax breach, Rubio urged the Securities and Exchange Commission (SEC) Chairman Jay Clayton to require companies to promptly disclose significant hacks of material impact that make Americans vulnerable to identity theft.