Image: consumer.ftc.gov

There is a contract between users and the online service provider that our privacy and identity will be protected called a User Agreement.  When Internet platform providers do not protect our privacy and account information they are violating the agreement and should be held legally accountable. These voluminous agreements are completely written from the company point of view forcing the user to turn over content rights to the platform provider.  This is just not fair it is our content we created it, like writing with a pen, the pen company does not own the article I just wrote. Neither should Internet platform providers like Google, Facebook and Apple be allowed to do whatever they want with the content I create – they didn’t create it and should not own it.

We bring this starting point up because in the latest data breach announced belatedly by Facebook of 50 million users is another case in point.  Executives causally looked at the problem as their spokesman would not even call it a breach because ‘no passwords were broken into’ no instead Facebook just gave access to Cambridge Analytica and then sent a form asking if Cambridge had deleted the data, the respondent checked a box that said Yes.  Facebook never bothered to do the due diligence on the firm to see if the 50 million records were actually deleted that to begin with the firm never should have had access.

Source: Identity Theft Resource Center – 2017

The majority of the breaches are into businesses while banking and credit institutions are bringing down the number of incidents.  Yet, the percentage of incidents that involve social security and credit card numbers is holding steady as hacking into systems increases. Experts at the Identity Theft Resource Center estimate for 2017 that 171 million records compromised, with a 44 % increase from 2016.  Based on announced incidents the 171 million records compromised is probably on the low side of all the incidents during the year.

Today, Orbitz announced a breach into payment records for 850,000 users, Equifax disclosed last fall that 148 million users had their payment records compromised, though now they say it was ‘only partial driver’ license numbers and names’, not social security numbers or full drivers’ licenses or credit card numbers.  Yahoo discovered that in 2013 over 1 billion user accounts were compromised 2 years later.  The list goes on and on, what is clear is that the online industry is approaching user privacy and security in too causal a way.

Next Steps:

During the Obama administration a bill was introduced to strengthen privacy protections and make corporations accountable for data breaches.  Senator Elizabeth Warren (D-MA) and Senator Mark Warner (D-VA) has introduced a bill to force credit reporting agencies to pay fines when data breaches occur, providing immediate disclosure and tools for remedying the problem to consumers.  Senator Warner also introduced a bill to require that credit agencies make credit freezing services available free of charge. Firms like LifeLock actually had an agreement with Equifax on a per user basis to make money from the breach when Equifax users signed up for identity protection.

Plus, we propose a complete review of all online User Agreements to force platform providers to insert clauses protecting user data from hacks with accountability, noting that content is user owned and allowing for class action law suits in the event of a breach to remedy the damage to users who need to repair their credit records and financial information from identity theft.