In our data-driven economy, we frequently exchange our personal information for a faster, more convenient, and personalized customer experience. But in doing so, we trust that data like our health records, financial information, or personal conversations won’t end up in the wrong hands.
Each time your privacy is violated, you become more vulnerable to identity theft and fraud.
Unfortunately, this isn’t always the case. Data breaches and privacy violations seem to only be getting bigger and more serious.
How can you hold companies accountable for failing to protect your personal information—other than refusing to use the internet and paying for everything in cash? Know your rights and the laws that protect you.
Lawsuits can help recover compensation for financial and personal losses you suffer as a result of a privacy violation (like having to pay for identity fraud protection). They can also serve a larger purpose by helping to modify business behavior. Many settlement agreements require that companies implement greater security measures in their business. A large settlement or verdict also helps ensure a company doesn’t violate consumers’ privacy again, and serves as a warning to other businesses.
Here are common ways a company may be misusing your personal information, and the laws that can help you fight back.
1. Accessing your credit report without your consent
Under the Fair Credit Reporting Act (FCRA), companies must have a reason to access your credit report. Current or potential employers that want to use your credit report for employment verification and background check purposes must have your written permission first.
Stanford University was recently hit with a class action lawsuit for allegedly obtaining job applicants’ credit reports without their consent.
2. Printing more than five digits of your credit card number or expiration date
This includes receipts. If you ever see more than five digits of your credit card number listed, you may be able to file a privacy violation lawsuit under the Fair and Accurate Credit Transaction Act (FACTA).
National chains like The Cheesecake Factory and Six Flags have recently been sued over FACTA violation allegations.
3. Failing to properly dispose of your personal identifiable information
One of the most basic ways you can protect your sensitive data is by shredding documents and erasing electronic devices before disposing of them. Yet, some companies take the easy route when discarding your information.
Earlier this year, Cox Communications in San Diego was sued over allegedly discarding customer records without shredding or erasing sensitive information.
4. Not implementing security measures to protect your information from hackers
Anthem agreed to pay $115 million for allegedly exposing the health information of 80 million people.
Billions of records have been exposed in recent data breaches. By now, companies should know that data breaches are a serious and possible threat to their business. When they fail to take basic measures to secure your personal data from hackers, or fail to notify you about a data breach, you may be able to file a data breach lawsuit.
Regulations are even more strict for companies that work with protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) requires that these companies have security measures in place to protect your medical records from unauthorized access. If your information is breached, some states require that companies notify you as soon as possible; in California, for example, companies must send data breach notifications within 15 days of knowing the breach occurred.
Earlier this year, Anthem agreed to pay the largest HIPAA settlement in history—$115 million—for data breaches in 2014 and 2015 that allegedly exposed the health information of 80 million people.
5. Not obtaining your consent before collecting your children’s personal data
The Children’s Online Privacy Protection Act (COPPA) requires that parents have the option to monitor the data that is being collected, and be able to modify or opt out of tracking.
A recent lawsuit alleged that 42 Disney apps violated COPPA by tracking children’s activities to sell to advertisers without parental consent. The complaint called out apps like “Disney’s Princess Palace Pets” and “Disney Color and Play.”
This wasn’t the first COPPA lawsuit the company has faced. In 2011, Disney was hit with $3 million in COPPA penalties when its subsidiary Playdom allowed children to volunteer personal information, including their full names and locations, without parental consent.
6. Failing to inform you what financial information they’re collecting
Under the Gramm-Leach-Bliley Act (GLB), banks and other financial companies are required to send you a privacy notice that includes what information they collect on you, where and how they are using it, and how exactly they’re protecting the data.
Peer-to-peer payment apps like Venmo are also subject to GLB requirements. The FTC recently filed a lawsuit against Venmo for allegedly failing to provide users with a clear privacy notice, and for not having safeguards in place to protect user confidentiality until March 2015.
7. Deceptively collecting your personal data
Google is accused of tracking users’ locations, even if they turn off the “Location History” feature on their phones.
A company doesn’t have to suffer a data breach in order to violate your privacy, as recent high-profile lawsuits against Facebook and Google show.
Facebook was sued earlier this year over the the Cambridge Analytica data mine which affected 87 million users. Even though the company didn’t suffer a breach, the lawsuit alleges that Facebook should have known about the data aggregation but failed to stop it or notify consumers.
Google is not only accused of collecting personal information about users without their knowledge, but tricking them into a false sense of security. A recent lawsuit alleges that Google still tracks and stores users’ physical locations, even if they turn off the “Location History” feature on their phones.
Did a Company Violate Your Privacy?
Each time your privacy is violated, you become more vulnerable to identity theft and fraud. If you believe a company violated your privacy, you may be able to file a lawsuit. Contact us today for a free, no-obligation legal review.