Data breaches are becoming increasingly commonplace, not least because sensitive data is far more valuable than many people give it credit for. If you have a good credit score, your name, date of birth, and social security number can be worth around $80 in the right market. While that might not sound worth the time and effort involved, consider that data breaches at larger companies typically impact thousands of individuals at the same time.
Of course, there is more to a data breach than an intentional attack. Security breaches can happen at any time, and they do not have to be intentional. However, the companies that hold your information have a duty of care to protect sensitive data. Any failure to do so may lead to legal remedies being sought, especially if the owner of that data suffers a loss of some kind.
If your private information has fallen into the wrong hands, we invite you to speak to one of our data breach attorneys today.
.Speak To a Data Breach Lawyer from Bell Law Today
Data breach victims often have more questions than answers, as well as increased animosity toward businesses that allowed the breach to happen. Data privacy is a serious concern, and the effects can be far more serious than affecting a company’s reputation.
Those that have their personal records leaked or lost can suffer beyond the initial invasion of privacy through identity theft, financial losses, and more.
Our data breach lawyers will help you make sense of what has happened and provide advice and guidance based on extensive previous experience to ensure you not only take remedial action but have plans in place to ensure you do not suffer further damages as a result.
We will help you ensure that any organization, from financial institutions that have lost credit card information to hospitals that may have inadvertently shared medical information, is held accountable.
Being held liable could be as simple as an apology and reassurance that plans are in place to enhance security and for better risk management going forward. However, serious cases can quickly turn into legal issues. This might involve a direct data breach lawsuit against the relevant business or may involve a data breach class action lawsuit.
No matter what the correct course of action is, our data breach lawyers are on hand to ensure all our clients have the best possible chance of success.
Contact our law firm today for a free initial consultation at 816-281-0649.
What Are Data Breaches?
As noted, some data breach victims have plenty of questions following a data breach. When personal information is lost because a business fails to protect itself adequately, it is its duty to notify customers that such a breach has taken place, usually through a data breach notification.
Simply put, a data breach is the transfer of sensitive information from one authorized party to an unauthorized one without permission from the owner of the confidential information or the party charged with storing it.
While data breaches are not always malicious, there is a highly active criminal industry built around acquiring personal information, usually for financial gain. As the introduction states, just three relatively simple pieces of information, spanning names, birth dates, and social security numbers, can prove incredibly valuable, especially for those seeking to profit from identity theft.
Essentially, any sensitive personal information that can be profited from, either through sale or manipulation, has value in the right – or wrong – hands:
- Credit card numbers can be leaked and, in conjunction with supporting information, can be used to purchase goods and services directly
- A compromised credit report can provide a wealth of information to enable identity theft, often leading to further damage to those reports for victims
- Even genuine phone numbers can be valuable as they are combined with other leaked information and typically hundreds of thousands of other numbers, and often sold in bulk for marketing purposes
In short, virtually all sensitive information has value. A security breach sees valuable data transferring ownership from an entity with a legitimate use for it to another party typically involved in fraudulent activity.
What Do Data Breaches Involve?
While technological advances of recent years have transformed everyday life for many people, there has been no point in history where people have had so much information associated with themselves. Furthermore, such information has never been so accessible, and third parties have never been under such pressure to keep that data safe.
Before the internet, data breaches were far more physical. Stealing contact information in bulk typically involved either breaking into an office and stealing records or an inside job. Today, virtually any data worth storing is held electronically. The nature of accessing and processing this information on behalf of customers means it is often connected to a network.
Without sufficient risk management and security protocols in place to protect it, that means that anyone in the world could theoretically access that information with the correct tools and expertise.
Malicious data breach incidents typically involve technology and, among other factors, are caused by:
- Weak credentials, such as passwords
- Software vulnerabilities, especially when companies fail to apply security patches
- Malware and viruses
However, much to the surprise of many consumers, the most likely cause of any given security breach remains people. Social engineering, insider threats, and physical thefts and attacks still rank highly among the biggest data privacy threats facing businesses across the United States.
Data Breaches and Federal Laws
There is always an implication that when an individual decides to share their personal information with a business, those companies are held responsible for ensuring it remains private information rather than becoming publicly accessible.
However, unlike other parts of the world, such as the European Union, where there are specific regulations in place to protect consumers, there is no single overarching piece of data protection legislation covering the US.
Instead, data privacy and the responsibilities of companies across the country are covered by hundreds of different laws on both the state and federal levels. Our data privacy lawyers will discuss the specifics of your case with you and how the law applies. However, most cases will involve at least some aspects of the following regulations.
The Federal Trade Commission Act
The Federal Trade Commission (FTC) has broad powers in the corporate world and is often the first body that affected individuals look to in cases of breaches of consumer privacy.
The FTC is tasked to protect consumers from deceptive and unfair business practices. The failure of any business to adhere to its own privacy policy is considered deceptive. So, suppose a company has stated that it takes certain security actions to protect customer information but did not do so, leading to that data being compromised. In that case, the FTC will set about holding companies accountable.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA created a national framework for the protection of sensitive information related to medical records. It makes it illegal for medical providers and businesses to disclose patient data without their knowledge or consent.
The act came in before electronic communication became mainstream, but still covers such information transfers. The Act also perfectly illustrates that while many data breach cases are malicious, they do not have to be. For example, an employee of a healthcare provider that is asked for medical information to determine benefit eligibility and shares it without informing clients could be in breach of HIPAA. As a result, they may be responsible for a data breach.
Of course, healthcare providers are far from immune to cyber-attacks and other malicious causes of data breaches. However, that does not absolve them of their responsibility to affected customers, and there has been a rise in HIPAA-related class actions related to victims of compromised information.
The Gramm Leach Bliley Act (GLB)
The Gramm Leach Bliley Act, which is also widely known as the Financial Services Modernization Act of 1999, covers multiple aspects of the operations of financial institutions.
In terms of consumer privacy and personal information, the Financial Privacy Rule requires all finance companies operating in the US to provide customers with a privacy notice when the relationship is formed, followed by a new copy each year.
Similar, in some way, to a website privacy policy, the document outlines what personal information the business collects on its clients, how that information is stored, and the security protocols in place to maintain consumer privacy.
The GLB also aligns closely with the Fair Credit Reporting Act, giving consumers the right to opt out of their personal information being shared with third parties beyond those required to deliver the products and services agreed with the business.
How to Deal With a Data Breach as a Consumer
While there is extensive information available on what businesses should do in the event of a security breach, useful information on what to do as a consumer is far more difficult to come by.
Every case is different – people that have their phone numbers exposed will react differently to victims of a breach involving social security numbers. However, in either case, the first step is to remain calm. Becoming unduly stressed can lead to making rash decisions that could ultimately hinder rather than help your situation.
It is often useful to contact the business involved in the data breach to establish what information was lost and when. This gives people the opportunity to apply a timeframe to the issue and check relevant information. For example, in breaches involving credit card numbers, an individual may wish to check the transactions made since that date.
The first half of the remedial process also requires you to establish losses. A leaked password on a website used once may not need lead to privacy lawsuits, especially if the password can be changed quickly and without difficulty.
However, suppose the data breach in question involves immediate financial loss or opens you up to the possibility of identity theft. In that case, it may be time to enter the second half of dealing with a data breach, that being the litigation process.
If you plan to take action, it is worth consulting a reputable law firm at the earliest possible opportunity. Narrow data breach cases may lead to a civil procedure. Still, they may also involve criminal charges for a business, depending on the nature of data loss and any further risk to clients and customers.
In broader cases affecting hundreds or even thousands of consumers, a class action lawsuit may be more appropriate. The sooner you speak to data breach attorneys from a specialist law firm like Bell Law, LLC, the quicker they can get to work on class certification.
Frequently Asked Questions
Such is the nature of data breach regulations in the US that your ability to sue for a breach can often depend on where you’re located. In Missouri, where our law firm is based, most breaches are governed at the state level, but medical breaches are handled at the federal level under HIPAA.
Understanding whether you can sue and how, such as with a direct case or through a class action suit, is best checked with a lawyer. We offer a free consultation where we can answer that question, so don’t hesitate to call us at 816-281-0649.
Typically, whoever held the data at the time of the breach is legally liable for that information falling into the wrong hands, even if it was not technically their fault. They are also unable to shift responsibility to third parties, such as cloud storage providers.
Therefore, the company or organization that had stewardship over the data at the time of the breach is typically liable and will be the target of legal efforts such as class action suits.
While it is always advisable to speak to an attorney about specific cases, consumers should not be under the impression that they cannot claim compensation in the event of a data breach, even if they have not suffered direct financial losses.
Upon being notified of a breach, consumers should assess the potential impact the data loss can have on them. Some sensitive information is easier to change than others, and once it is outside your control, the chances are it will remain that way. As noted, an attorney from our firm will be able to provide a detailed answer on what to expect based on the specific nature of your case.
Speak to an Attorney About a Data Breach Settlement Today
At Bell Law, LLC, our law firm always works in all clients’ interests to ensure that their information is protected. When a business or other organization fails to do so, they are held accountable to the fullest extent of the law.
There are rules and regulations in place to ensure consumers can expect a certain level of service from anyone they willingly share their personal information, and we are here to ensure those levels are met. Specialist data breach lawyers from our law firm are here to ensure that you receive the full context around your case and professional advice concerning the next steps, whether that involves suing an organization directly, starting or joining a class action suit, or otherwise taking appropriate action.
The initial consultation about your case is completely free and without obligation. We will help provide context to your concerns, help you to understand if and how you have become a data breach victim, and advise on the next steps.
Reach out to the Bell Law team now at 816-281-0649.