Equifax won’t win any prizes for its handling of a massive security breach that potentially exposed the personal information of 143 million people to hackers.
But it was striking that of all the things that outraged consumers, the one that drew the most attention was Equifax’s inclusion of an arbitration clause in its offer of free credit monitoring.
Sign Up and Save
Get six months of free digital access to The Fresno Bee
Yes, it was slimy for the company to try to deny people their right to sue or to join class-action lawsuits.
But no, Equifax was by no means alone in pulling such a stunt.
The reality is that many, if not most, service agreements presented by businesses to consumers contain such a provision, and they get away with it because there’s precious little outrage over this shamelessly unfair practice.
“These forced arbitration clauses are everywhere,” said Christine Hines, legislative director for the National Association of Consumer Advocates. “But I’m not sure there’s widespread knowledge of it.”
In most data breaches, the compromised business offers free credit monitoring from one of the three leading credit agencies – Equifax, Experian or TransUnion. While that monitoring routinely comes with an arbitration clause, consumers aren’t prevented by the service’s provision from suing the breached company.
In other words, Target got hacked in 2014 and offered customers credit monitoring through Experian. Experian’s arbitration clause didn’t pre-empt lawsuits against Target.
Equifax’s breach is different in that the company that got hacked and the one offering credit monitoring are one and the same.
Equifax clarified last week that its arbitration clause applied only to “the free credit file monitoring and identity theft protection products, and not the cybersecurity incident” – meaning you could still sue the company over the hacking.
Even so, the social media backlash grew and Equifax subsequently announced it was completely erasing the arbitration clause from its credit-monitoring agreement for “this cybersecurity incident.”
“To be as clear as possible, we will not apply any arbitration clause or class-action waiver against consumers for claims related to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself,” said Wyatt Jefferies, a company spokesman.
Battle won, but war still being lost
That’s a win for consumers. But the war is still being lost.
The U.S. Supreme Court ruled in a 5-4 decision in 2011 that any business can include an arbitration clause in its service contract. The ruling pre-empted pro-consumer laws in various states.
The Consumer Financial Protection Bureau announced in July that financial firms under its jurisdiction – banks, credit card companies – can’t block people from joining class-action lawsuits.
Within days, Republican lawmakers in the House of Representatives voted to kill the rule. A similar vote by the Senate is expected this month.
Businesses say arbitration is better for consumers because it’s faster and fairer, and because it deters lawyers from filing nuisance suits in hopes of scoring a fat settlement. Some or all of that may be true.
What’s also true, though, is that arbitration overwhelmingly favors companies. The advocacy group Public Citizen found that over a four-year period, arbitrators ruled in favor of banks and credit card companies 94 percent of the time in disputes with California consumers.
A 2015 study by the Consumer Financial Protection Bureau found that in grievances with financial firms, “class actions provide a more effective means for consumers to challenge problematic practices by these companies.”
The same report revealed that fewer than 7 percent of consumers understood that an arbitration clause in their credit card agreements meant they couldn’t sue the company – which is to say that about 93 percent didn’t understand the provision.
Check the fine print
Arbitration clauses are now so pervasive that it’s reasonable to assume if you have a bank account, credit card, cellphone, pay-TV service, insurance policy or airline ticket, you’ve agreed to an arbitration clause, whether you know it or not.
Many employment contracts also contain such provisions, preventing you from filing suit in the event of a workplace issue.
Aside from blocking consumers from banding together and thus wielding greater clout, arbitration is inherently imbalanced because the arbitrator’s fee almost always is paid by the company in a dispute. The arbitrator thus has a financial incentive to favor one side over the other.
Consumer advocates are hoping people will be more aware of the issue not just because of the Equifax breach but also the assorted scandals that have plagued Wells Fargo. State and federal courts have tossed out lawsuits against the bank, maintaining that Wells’ arbitration clause prohibits legal action.
Nearly two dozen Democratic lawmakers wrote Monday to Richard Smith, the chief executive of Equifax, urging him to take the lead among credit agencies in getting rid of arbitration clauses on a full-time basis.
“Forced arbitration provisions in consumer contracts erode Americans’ ability to seek justice in the courts by forcing them into a privatized system that is inherently rigged against consumers and which offers virtually no way to challenge a biased outcome,” they wrote.
Since the Supreme Court’s ruling six years ago, Democratic lawmakers have introduced and reintroduced legislation, the Arbitration Fairness Act, that would do away with mandatory arbitration clauses.
It would still allow businesses and consumers to use arbitration as a dispute-resolution tool. But the decision would be mutual.
Ever since Equifax made clear that its arbitration clause won’t apply to the current breach, roughly two dozen proposed class-action lawsuits have been filed. Dealing with those suits undoubtedly will be very expensive for the company.
And you know what? Equifax probably will do everything possible to avoid being hacked again and thus put in a similarly perilous position.
Simply put, arbitration wouldn’t have done that.