It can seem that not a week goes by without news of another data breach compromising the personal information of a significant number of consumers. From credit card accounts to Social Security numbers and even private health information, the amount of data stored on servers vulnerable to attack continues to grow. Is there anything you can do to prevent yourself from becoming a victim of a data breach? Once your information has been compromised, what is your legal recourse? Read on to learn more about the limited measures you can take to keep your personal information safe, as well as the legal rights you may have if you've been harmed by a data breach.
Can you prevent a data breach?
Today, the vast majority of business and government records -- even those generated well before the advent of the Internet -- are kept online. While this information is kept behind strong firewalls on secure servers, these security methods occasionally break down, allowing hackers to capture this data and sell pieces of stolen identities on the black market.
The average consumer has next to no control over how data is stored by businesses or the government, and cannot force a specific entity to take additional steps to keep personal data safe (other than the security measures required by federal and state law). However, you can minimize the amount of data stored on the weakest servers by avoiding the use of credit cards at retail outlets and going cash-only, signing up for a service that will stop credit offers from being generated in your name, and declining to provide your Social Security number to entities who can't clearly articulate a reason they need it.
What legal options do you have if your personal information has been stolen following a data breach?
There are several things that you need to be aware of when it comes to a data breach. In many situations, a company that takes adequate security measures to prevent data breaches and mounts an instant response once informed of a breach may be free from liability for any damages resulting from the breach. While breaches affecting a significant number of people (or compromising extremely personal information) may be the subject of corrective legislative action on a state or federal level, the government has been slow to levy financial penalties on retailers that have permitted data to be stolen from secure servers.
However, if you feel you can show that the business or agency that held your personal data should have taken more precautions to keep your data safe, or if you have objections to the speed with which you were notified that your data was compromised (if you were notified at all), you may be permitted to file a private civil action against this business in state or federal court. Depending upon the circumstances of the breach, you could be able to file this lawsuit as an individual or as part of a larger group through a class action.
In order to collect liquidated damages, you'll need to be able to show both that the data breach took place and that this breach took a cognizable financial, physical, or emotional toll on you. Just like the tree in the forest may have no one around to hear it fall, a data breach without an actual injury suffered by the data holder may not be the basis for a civil lawsuit. If you're being lumped in with a class action but fear that the entire set of plaintiffs may not have suffered the same economic damages you have, you'll want to consult an attorney to determine whether a private individual lawsuit is a better option.