A year ago, Americans learned that a company that warehoused their personal information without their express permission had failed to safeguard that data, exposing to unauthorized access the personal data of more than half of all adults in the country.

And then ... nothing happened.

The Equifax Inc. EFX, -2.51% data breach should have been a wake-up call for the U.S. government, sending a clear signal that new safeguards and penalties needed to be enacted to protect Americans and their data. Instead, legislators brought the Equifax chief executive to Capitol Hill to yell at him and pretend they cared deeply, then largely moved on to the next ineffectual hearing.

That CEO, Richard Smith, eventually stepped down, walking away with $18.3 million in pension benefits. Two SEC cases alleging insider trading among certain Equifax executives after the breach are still ongoing. The Federal Trade Commission has taken no action. Another investigation opened by the Consumer Financial Protection Bureau is ongoing.

Still have questions about Equifax one year later? We have the answers

“No public enforcement actions have been taken by either agency in response to the breach,” wrote Sen. Elizabeth Warren of Massachusetts and Rep. Elijah Cummings of Maryland, both Democrats, in a letter Thursday to the chairman of the FTC and the director of the Office of Management and Budget as they shared a Government Accountability Office report on the breach. “Credit Reporting Agencies (CRAs) should be given special attention by regulators because of the unique characteristics of the industry.”

Perhaps it is unsurprising that the FTC has not cracked down on Equifax, since President Donald Trump appointed a lawyer who has represented the company as the head of the agency’s consumer protection division. The CFPB has been thrown into turmoil by the Trump administration as well, leaving that agency mostly toothless.

This column suggested in the wake of the Equifax disclosure last year that it was investors who should bring the wrath of Americans on the company, because why would anyone invest in a data-warehousing company that failed at literally its only job? For a while they did, but the declines were short-lived — Equifax’s stock was down less than 5% in the past year at the close of trading Thursday, and had gained 15.1% so far in 2018, almost double the 7.7% gain of the S&P 500 index.

The stock’s recovery could have been predicted, since Equifax said that its total costs related to the incident came to about $300 million, with $75 million covered by insurance. The costs entailed transforming its IT and security infrastructure — which was obviously needed — and legal fees, and are a drop in the bucket for a company of Equifax’s size and scale. In 2017, its annual revenue was $3.4 billion, and sales have not fallen off, rising 3.2% through the first six months of this year.

At this point, it seems Equifax will move on and avoid any long-term pain beyond having its name become permanently synonymous with “data breach” in most Americans’ minds. Consumers, though, must agitate for permanent changes to address the glaring need for government regulations and penalties that protect our data.

After all, it is consumers who are at risk for identity theft, were left in the dark by the company’s tardy disclosures and feeble response, and who still have no protection at the federal level of their most sensitive data. Legislators have written various bills, which have died or become stymied at the federal level, such as the Warren/Warner bill, called the Data Breach Prevention and Compensation Act. The bill, which sought to have the Federal Trade Commission annually inspect credit bureaus and issue fines for security breaches, appears to be stuck in the Senate Banking Committee, according to a recent report on the Equifax breach by the U.S. PIRG Education Fund that consumers really should read.

Another idea that has been espoused by privacy advocates is for the U.S. to create an agency or an entity charged with the protection of consumer data. Such an agency or authority would have the required expertise and could enforce data-protection standards on credit-reporting companies like Equifax, financial institutions and other companies that are repositories of sensitive consumer data, ranging from Facebook Inc. FB, -2.24% FB, -2.24% FB, -2.24% FB, -2.24% to the Alphabet Inc. GOOG, -3.42% GOOGL, -3.45% unit Google to Amazon.com Inc. AMZN, -4.12% .

Don’t miss: A year after Equifax, cybersecurity is still seeking its Holy Grail

Currently, the FTC is the main agency in the U.S. handling privacy issues, under the guise of protecting consumers against deception and fraud. It is also the watchdog for antitrust issues in the U.S. But once a tech company spells out its privacy policies and consumers agree to them, there is not much more that can be done. The FTC does not have any rule-making authority, and it can only act after the fact, such as by levying fines. An agency completely devoted to data privacy and protection could extend to consumers clear rights to their own data, much as the new General Data Protection Regulation law in the European Union does.

“The GDPR really gives power back to the users, and isn’t totally reliant on the priorities of a couple of commissioners of an agency, who have so many other things to deal with, like diet pills that make claims that can hurt consumers,” said Christine Bannan, consumer-protection counsel with the Electronic Privacy Information Center, or EPIC, a public-interest research organization in Washington. “We just don’t see the agency as the best vehicle for protecting privacy.”

Why cyberattacks on airports and power grids could be the new reality

Under the Trump administration, though, creating another government entity is not exactly a popular idea, and none of the attempted legislation in response to the Equifax scandal called for the creation of a new entity focused on data protection and privacy.

Such an entity, though, could address consumer privacy across all other areas, such as transportation and education. “It seems more effective to have this one agency than to try to put privacy experts in every agency,” Bannan said.

States including California have been enacting their own privacy laws, but privacy advocates fear that weak federal privacy policy under the current administration could supersede more stringent local legislation.

“It’s hard to think of what would be bigger than Equifax disclosing half the county’s Social Security numbers and Facebook and Cambridge Analytica influencing the election — that would seem to be a watershed moment,” Bannan said. “But it’s a hard time politically.”

Americans should not let the government use the “it’s a hard time politically” line as an excuse to not do its job. We deserve protections for our data, which grows more valuable by the day, not least because artificial intelligence depends on more and better personal data for improvements. We must hold our leaders accountable for not making it happen in the past year, and we must demand they catch up now.