It seems like every day, there is another data breach of alarming and “unprecedented” proportions. Some data security analysts and critics have gone so far to say that people should just presume that their personal information has been taken by hackers and is being sold.
You have a right to privacy, and there are laws that protect your personal information. Invoking your rights, though, can be difficult. Contacting the lawyers at Gilman & Bedigian is a start.
Your Personal Information is Private
Providing personal information to a company or service has become an almost daily routine, especially for people who are active on the internet. Organizations that collect personal information, however, become targets for data breach hacks because they have accumulated information for so many different people.
State laws require companies to take appropriate action to protect personal information. Different states, though, have different definitions of what constitutes your personal information. Some definitions are looser than others, while others are narrow and do not afford much in the way of protection. In most cases, though, personal information is defined by statute as your first and last name, plus any of the following:
- Social Security Number
- Date of birth
- Physical address
- Credit or debit card numbers, along with the card's associated personal identification number (PIN)
- Bank account numbers, along with the associated PIN
- Driver's license number or state identification number
- Email address and associated password
- Website username and associated password
Notification Requirements in the Event of a Breach
Most state laws dealing with data breaches go little further than requiring the hacked company to notify victims of the data breach. While the general rule is that hacked companies have to notify victims without an unreasonable delay, some states require notification within a specific number of days.
However, pending criminal investigations – which often accompany data breaches of any magnitude – can delay these notifications for as long as law enforcement requires.
Class Actions and Negligence
Many data breaches involve large companies that had a legal duty to protect their customers' personal information but failed to uphold that legal duty. As a result of their negligence or their poor safety policies, hackers gained access to their pool of personal information, copied it, and are now distributing it to whoever is willing to pay for it.
Victims can number in the thousands or even millions and can join together into class actions and file lawsuits for compensation for their losses sustained in the breach. Examples include:
- The Equifax lawsuit
- Records stolen from marketing firm Exactis
- Data breach at Marriott Hotels
- Yahoo!'s $85 million settlement for its data breach
- Non-financial personal information taken from Facebook
Gilman & Bedigian Fight to Protect Your Right to Privacy
Providing your personal information to someone else has become the new normal. Once companies have yours, though, they have shown a disturbing tendency to leave it unprotected and vulnerable. Data breaches at companies that you have only a tenuous relationship with can lead to your personal information falling into the wrong hands, where it can be abused.
The lawyers at Gilman & Bedigian strive to hold accountable those who are most responsible. Contact us online.