I submitted a complaint to the CFPB requiring [1] Equifax to remove my credit record, due to their proven incompetence at protecting that data (citing their breech, several congresspeople grilling their CEO on CSPAN, etc). Its been 9 days and I haven't heard back from the CFPB yet (Equifax has 15 days to respond and up to 60 days to provide a final response), but Equifax has my complaint and even if it goes nowhere, it gives me something to hand over to Elizabeth Warren's office to show I have no control over my personal data and I have no control over having it removed regardless of how incompetent Equifax is.
Fingers crossed someone with Equifax's data dump starts dumping the data of Equifax senior management.
[1] Hat tip to patio11 on the language; don't use "I demand", professionals use "I require"
As for verbiage, you may want try the phrase you later used in a follow up post. It's not really your personal data. After all, it was data from an interaction with another entity which makes it their data as well.
So, personally identifiable information (PII) is a less-debatable phrase and more legally defensible.
In the first case, if you do business with a bank then the data from that belongs to the bank as much as it belongs to you. They are reporting their information, namely that you interacted with them. Thus, that information would belong to them.
In the second case, it is personally identifiable information - which is something that's difficult to dispute. This also gives you interest in that data which is a stronger point to stand on.
As mentioned before, I am not a lawyer and this is not legal advice. However, I have extensive experience with the justice system due to my career and have taken quite a few classes concerning the law.
Also, the word 'shall' has stronger implications than 'will.' I am not sure why but it is handy to know. The defendant will comply vs. the defendant shall comply.
Complaint was with Equifax, Inc. I specified I required my credit file be removed, as Equifax has had several egregious security breaches and is incapable of properly securing my PII [1]. They have 15 days to respond.
Fingers crossed someone with Equifax's data dump starts dumping the data of Equifax senior management.
[1] Hat tip to patio11 on the language; don't use "I demand", professionals use "I require"