Hacking happens - its simply a reality in our digital world. You take precautions, change passwords often, make them longer and more complex, avoid public networks and hope. Even with all of these precautions, it still happens.

The Equifax hack on the surface is just that - a hack that randomly happened. I'm sure there were some rules and procedures that weren't followed, some lax supervision and failure to update policies and procedures. This is all bad and equates to very bad business practices. But it's not necessarily unethical.

Bad business practices make me upset. Unethical business practices make me angry. Here's what isn't making the headlines: Equifax lobbied for easier regulation and limited liability before the data breach. I'll say it another way: The company that allowed your very personal financial information to be shared with the entire internet was actively lobbying lawmakers in Washington to limit the rules under which they work and the liability they have when data breaches occur. Disgusting!

According to an article in the Wall Street Journal, "Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017." What did they want for that investment? They wanted a cap on statutory damages that consumers could win in a lawsuit against them of $500,000 and eliminate punitive damages. They also wanted the rules relaxed when it comes to reporting data breaches. Interestingly, a bill with the damage limitations has been filed in the House.

What did Equifax executives say about their lobbying activity? That they "work closely" with lawmakers and regulators "to ensure that we are communicating the benefits of credit reporting to the US Economy." And that they also believe in "fair industry regulation and advocating for policies that protect consumers rights." I don't know what you think about this, but limiting my ability to sue a negligent company or delaying notification of data breaches certainly does not protect my rights!

Did you know that they kept the hack under their hat for more than a month before letting you know? If you can't change the laws, ignore them!

So now come the investigations. Regulators will investigate and two congressional committees plan on looking into the situation. Here's unethical business practice number two.

The Equifax PAC (political action committee) contributed to thirteen members of the House Financial Services Committee during the 2016 election cycle according the the Wall Street Journal article. Knowing that their lobbying efforts produced a bill in committee, do you really think that members of the Financial Services Committee will take this seriously? They're not going to bite the hand that feeds them! 

Prior to the Citizens United case before the Supreme Court, corporate donations to political campaigns was limited. Since the case, money has flowed like water to campaigns.

The company says its PAC contributions "are made in a legal, ethical and transparent manner." If you believe this, then I have a bridge to sell you. When a company PAC makes a contribution to a politician, there is a quid pro quo - no matter what the company or the politician tells you. To think otherwise is pure naiveté.

Finally, the third unethical business practice: In the time between the hack and the public announcement, executives of Equifax sold shares of stock. That's right, they traded based on non-public information. Do you remember when Martha Stewart went to jail? That's why. I'll be very interested to see if these executives see the inside of a courtroom for this!

Here's what needs to happen:

• Consumers need the opportunity to choose which credit reporting agencies have access to their information.
• Equifax needs to be punished severely - the company, and the individuals running the company. There needs to be an example made, showing her there are consequences for neglect actions and unethical business practices.
• If I had anything to say about it, I would revoke Equifax's corporate charter. The federal government has a right to do so, but never exercise it.
• There needs to be a safer way for individuals to manage their credit. Now that all of our information is out there, we will forever be fighting this breach, so the paradigm must change.
• Finally, corporate lobbying and political action committees need to go away. This is a perfect example of how a multi-billion dollar corporation is using their money and influence to write their own legislation. It has to stop!

One of the most important aspects of responsible investing is shareholder advocacy - pushing companies to be better citizens, adopt ethical business practices and do the right thing. Its' what our investment manager partners do every day.

Here's the link to the WSJ article again.