How secure is your information in this digital age? And what are your legal rights if your information is compromised and you become a victim of identity theft? A couple of recent events are enough to make you wonder.
Advocate Health was recently slapped with a lawsuit charging that they flagrantly disregarded the privacy of some four million patients whose personal health information and Social Security numbers were compromised.
Meanwhile, hackers accessed personal information including names and encrypted credit card data for Adobe software’s 38 million active users. Personal records of some 64,000 employee records ? and the source codes for the company’s Acrobat, Reader and ColdFusion Web products ? were also exposed.
Despite these and many other high-profile security lapses, VISA reports that 85 percent of security breaches actually occur at the small business level. In either case, it’s no surprise that the potential for data disaster has spawned a burgeoning industry in cybersecurity and cyberinsurance to protect businesses at risk of compromising massive amounts of data. But what protections are afforded to consumers? Precious little.
At the federal level, The Gramm-Leach-Bliley Act and the American Recovery and Reinvestment Act require some financial institutions and healthcare providers and their partners to notify patients and the government when the security of private data is breached.
Colorado statute, via C.R.S. 6-1-716, requires those doing business in the state to notify consumers of any breach of their personal data ? and if the breach affects more than 1000 residents, to also notify credit reporting agencies.
Having been notified, the legal recourse for the person whose information was violated is iffy. Class-action suits and other civil remedies have generally not been successful unless they show not only that the information was wrongly compromised ? but also that it actually resulted in identity theft or other demonstrable harm.