LITIGATION WILL PROBABLY NOT SOLVE CONSUMER PROBLEMS IN A PERSONAL DATA BREACH…SO WHAT IS THE ANSWER?

We are a litigious society, and in some cases it is appropriate to take legal action against a company for reasons that have precedents in law. Unfortunately, the identity crisis has exploded so fast that regulations or laws, must less legal precedents, have not kept pace. The Ephemerallaw blog has covered this recently in response to several cases that have been filed recently. Mention was made that the typical victim would probably not take the time to file a lawsuit, even if it might result in meaningful compensation. On the other hand there was the woman who spent 20 minutes filing a victim’s claim with the FTC and felt it was a waste of time. Which proves my continuing point that we are also an apathetic society full of “Apathetics” that want what is rightfully theirs but for whatever reason won’t do the right thing to get it. Until we get by that, neither laws nor litigation will be meaningful. The fact that one of the largest depositories of our names and personal data—the junk mail industry—has indicated that we don’t even have the right to control what mail we receive—certainly not take control over our names and private information—should raise the ire of every consumer in this country. See yesterday’s Dunning Letter. If this industry continues to build its person databases at the rate it is going today without control over how your sensitive data is used, we are headed for disaster. And there are also the non-junk mail businesses—pharmaceutical and mortgage companies, Super markets, insurance companies, health care providers, loyalty programs to name a few—that have learned just how valuable this private information is, and are in a frenzy to collect all they can. If we are talking about compensation, businesses who sell our names and personal data should share the proceeds with the name-holders—without which there would be nothing to sell—and from the junk mail industry alone, the average retiree could supplement their Social Security or pension with $607 a month. And this doesn’t even include the revenue from non-junk mailers. Ephemerallaw says, “So what is enough?” in answer to the fact that litigation is not likely to work. Regulation is the answer, “clearly written and consistently enforced.” Amen! Continuing, the blog points out that most businesses want clear guidelines on how sensitive data should be collected and used. I have always thought this could be established by passing federal legislation that would grant consumers control over their names and private information. However, we’re in a presidential election year where most Congressional leaders are frightened of their shadows with the possibility they wouldn’t even get that vote. Besides, when this whole thing started back in February of 2005, there was a rash of activity in Congress to pass data breach legislation that has gone absolutely nowhere. Three years later and zilch, so one might expect that, even after the November election, the “do-willies” from Washington would just piddle away another three years. My opinion is that state laws to create this regulation would be a nightmare for business and government, which would eventually place a burden on the consumer. So what we need is for California to step up to the plate and pass a law that gives consumers control over their names and personal data; that’s where the identity crisis started with CA SB 1386 that brought ChoicePoint to their knees. Then, maybe Congress will wake up and do the right thing.