The age of "big data" is here, along with a growing list of big data breaches and the big mess created for millions of affected consumers. The only thing missing is big consequences for companies that are causing these big losses.
Last week, Equifax lost highly confidential personal and financial data on as many as 143 million people. The worst part? You didn't even give them permission to obtain this information. They can legally collect, store and share it regardless.
Although banks have a self-serving track record of their own (Wells Fargo, anyone?) at least as a client, you have a direct relationship that permits you to use the law to hold them accountable. Imagine if you woke up one morning to find your bank lost all your money in a cybersecurity hack. Would you just accept that? Unlikely.
But when similar news that Equifax lost highly valuable data which could result in your identity, home, credit or investments being stolen or compromised, we shrug. Just another bad day in the tragic land of big data, right?
Then the astonishing corporate response adds to this growing tragedy. Nearly two months after the breach, they are "letting consumers know" if they have been affected. You could supposedly go online to determine if your data was compromised, but that has already been exposed as a self-serving, non-functioning trick mostly aimed at providing "help" of only temporarily free services – profiteering from this breach in full view of all. Choosing paltry offers of either one year of free credit tracking or a one-time credit freeze, you had to also initially agree not to pursue legal action against them to obtain these fixes. What genuine contrition and offer of help does that constitute?
Maybe big government can help right? Doubtful. The regulator of note in this instance (the Federal Trade Commission) is riven with debate about its own role in cybersecurity enforcement and lacks any real credibility. It has made no meaningful progress to define strict standards of public conduct and protocols required of companies handling consumer data breaches. It also has no authority to impose fines for lapses either. So it is toothless and it shows. With the notoriously lax legislated standards imposed on this industry by congress, sadly no criminal laws were broken.
While a few states' attorney generals have already launched investigations, unless they rise up in legal revolt together, there's little legal liability looming for Equifax on that front either. So Equifax gets to hold your financial life story in apparently unreliable servers; lacks any permission to possess your data; prevents your access or control over it; and then aggregates and re-sells it to the highest bidder and nobody seems to mind.
