Vox: “…High-profile data breaches have been in the headlines for years. In 2013, Target lost the credit card, debit card, and other information of tens of millions of customers. In 2018, Marriott disclosed a data breach that impacted up to 500 million people; in 2020, it got hit again. In 2021, hackers got a bunch of customer information from T-Mobile that the company reportedly tried and failed to get back. The list of breaches goes on and on. Of course, these companies would surely rather not be dealing with these situations — data breaches cost firms millions of dollars and are often accompanied by reputational damage and sometimes fines. At the same time, that doesn’t mean the constant loss of consumer data is acceptable. Sure, we live in the era of the internet, and some security risks are inevitable. But that shouldn’t mean that you have to throw your hands up and accept your data is safe, basically, nowhere. The Targets and Equifaxes of the world got hit with big fines, but they still get to exist — lucratively. And they’re still constantly sucking up and monetizing consumers’ personal information.There’s a simple reason companies collect so much of our data — money — but why they get to collect so much, keep it, and monetize it is more complicated. There are some laws around data privacy and security, but they’re scattershot and generally handled state by state, and they could be better. Companies keep screwing up with our data, and there are no good answers on what to do about it.
All 50 states have laws that require businesses and in most cases government entities to issue notifications about data breaches. But they often differ on what happens next in terms of who’s allowed to enforce the laws and go after companies who screw up, explained Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center (EPIC). “Some states give attorneys general sole authority to enforce data breach laws, but they don’t give them any resources to do it,” she said. Some states allow for a private right of action, which allows private citizens to sue a company directly, but that can be tricky to navigate. Fitzgerald said courts have often made it hard for individuals to sue because it’s hard to quantify harm and show exactly the cost of your data being lost…”