What is the Current State of Consumer Data Privacy in the United States?
Data privacy and the regulations governing the issue should be a matter of concern for all internet users and online service providers. Consumers’ online data is often filled with sensitive information, and consumers must often bear the cost of cybersecurity attacks. However, the Securities and Exchange Commission (the “SEC”), in an effort to protect consumers, has increased enforcement of the disclosure requirements for publicly traded companies.[1] Representative Adam Schiff recently called for stricter regulations in response to recent cybersecurity developments as a measure “’. . . to protect people’s private data’”.[2]
The Securities and Exchange Commission currently requires public companies to make disclosures about consumer data breaches when they are of material importance to reasonable investors, usually in quarterly statements.[3] The quarterly disclosures protect the general public in two important ways. The first way is by creating a system to ensure that companies implement protection measures to secure user data.[4] The second way these regulations benefit the public is by creating market stability. “Public companies must disclose data breaches in their SEC reports to the extent they are material in ways important to a reasonable investor”.[5] While the SEC and other regulatory agencies have engaged in rulemaking procedures to promote better prevention measures for data protection, consumer data is still subject to leaks.
Facebook is an example of a public company that has been subjected to breaches of private data.[6] In the litigation arising from that data breach, the district court held that:
“1 user demonstrated substantial risk of identity theft sufficient to establish user’s injury-in-fact;
2 allegation of time lost by user was sufficient to establish injury-in-fact;
3 identity theft expert’s testimony was inadmissible;
4 harm of diminished value of personal information due to loss of privacy and loss of royalties was too speculative to assert claim of negligence against website by user;
5 user had standing to seek prospective injunctive relief requiring website to introduce greater security screening; and
6 user sufficiently outlined general contours of requested injunction at class certification stage of proceedings.”[7]
Facebook’s data breach is one of many examples where users’ personal information was exposed. That breaches like Facebook’s are regular occurrences raises important questions about the current regulatory scheme and its effectiveness.
Frances Haugen’s recent testimony regarding Facebook’s business practices further demonstrates the need for meaningful regulation.[8] “’I think we need to narrow the scope of the safe harbor these companies enjoy if they don’t moderate their contents.’”[9] Here, Schiff is likely referring to the general lack of transparency shown by big tech. Although Haugen’s recent testimony touches on a different issue facing big tech, it speaks to the need for meaningful regulation of the tech industry.
Footnotes