Recently proposed legislation such as the Data Broker Accountability and Transparency Act of 2017, and the Freedom from Equifax Exploitation (FREE) Act, require notice to be given to the consumer that a breach has occurred and prevent fiduciaries such as credit reporting agencies to profit from consumer’s data, respectively.
Additionally, victims of the breach are being given free credit reports and freezes. However, these post-breach remedies seem to be closing the stable door after the horse has bolted. If the objective is to prevent breaches, perhaps consequences for allowing such security breaches should be more punitive.
Although Equifax was ordered to pay almost six hundred million, consider that nearly one hundred fifty million Americans were affected by the breach. That may be a long way from making the consumer whole after being left in financial ruin.
After all, Equifax and other keepers of sensitive financial and personal information are fiduciaries. They have a duty to keep this information secure. A breach of this duty can, and will most definitely, wreak havoc on the consumer’s life and should lead to consequences for the fiduciary. By this I mean actual damages.
Under Louisiana law, breach of contract allows recovery of documented damages. Negligence allows recovery of documented damages. True, Equifax was ordered to pay damages. However, the damages were capped at twenty thousand for an individual consumer. Why? An agency entrusted with a consumer’s sensitive information should not be exempt from paying damages that are measurable and tangible.
After all, “Every act whatever of man that causes damage to another obliges him by whose fault it happened to repair it.”