EDITORIAL: Stop companies from spreading your house keys all over town

Big American companies too often act like careless neighbors who leave copies of your house keys all over town.

Then, when a criminal rips off your home while you’re out of town, the neighbors say, “Gee, sorry,” but the losses are all yours.

Then again, the neighbors could offer to watch your house more carefully — for a nice fee.

Creepy folks next door, huh?

And creepy big American companies.

A big problem in the United States, as revealed once again by the Equifax hacking scandal, is that corporate behemoths behave just that poorly, ravaging our privacy and financial security. Companies vacuum up our personal data — our names, Social Security numbers, bank account numbers, driver’s license numbers, addresses and the like — without asking permission and then protect that information so carelessly that identify thieves easily make off with it.

And we pay the price. Welcome to years of fighting over bills you don’t owe, trying to regain your right to take out a car loan, wondering why you didn’t get that job offer or even facing someone else’s criminal charges.

Even at a time when anti-regulatory zeal is all the rage in Washington, this is a crisis-level threat to our right to privacy that demands strong government action.

Last week, the credit-monitoring firm Equifax announced that it had somehow goofed and permitted criminals to make off with the private records of some 143 million Americans. The electronic loot included everything a cyber criminal might need to get a driver’s license or open a credit card account in your name and start spending your money. It was at least the 976th data breach of the year, according to the Identity Theft Resource Center.

Without tougher regulations, the problem will only get worse. As long as consumers are the ones largely on the hook when there are data thefts of this sort, there really isn’t much in it for companies to invest heavily in improving their cyber security. Corporations find it much more cost-efficient to spread campaign contributions around Washington, putting the kibosh on new regulations that could shred their profit models.

In the months before its huge data breach, Equifax was lobbying lawmakers to ease regulations, according to the Wall Street Journal. And, in an annoying twist, the company actually could make money off the breach if it results in more people deciding to pay for protective long-term credit theft monitoring.

But wait! Is that the sound of Congress finally rushing to stand up for the average American, now that 2017 is likely to set a new record for data breaches?

Actually, no.

Congress has bigger fish to fry, such as making sure we can’t sue companies when hackers steal our most personal data. The Consumer Financial Protection Bureau issued a rule to protect consumers’ right to sue, but the House voted in July to repeal the rule. The measure is now before the Senate.

Reacting to public pressure, Equifax on Monday said it would waive fees for 30 days for people who want to freeze their credit files. Gee, how nice. But stronger action is begged for.

Plenty of sound ideas are bouncing around Washington. Companies should be required to report breaches promptly. People should be able to get free credit reports whenever they need them. Individuals should be able to freeze their credit accounts, and “thaw” them later, without paying a fee. Limits should be set on what information corporations are permitted to gather. A way should be found to confirm identity using something other than a Social Security number, which can’t be changed after an electronic intrusion.

When identity theft occurs and a cyber criminal opens an account in someone’s name, the burden of proof in a dispute should be on the business, not the individual. Penalties for careless data breaches should be stricter.

Among European Union countries, the law requires that companies tell citizens how their personal information is collected, how it is disseminated and how it is protected. The United States should require the same.

In the meantime, there is pathetically little that an ordinary American can do. Experts advise us to be extra vigilant for bogus phone calls and emails from scammers posing as representatives of our banks or credit unions and to watch for fraudulent charges on our credit cards, but those are small and limited measures.

The only real solution is to force corporate America to do a better job of protecting the privacy of the hundreds of millions of customers who make them rich.

Send letters to letters@suntimes.com.