A new report from the Joint Economic Committee’s minority staff puts a number on what most privacy advocates have already suspected.
Data broker breaches are enormously costly.
The report analyzed four major incidents over the past decade, Equifax, Exactis, National Public Data, and TransUnion, and estimated that more than $20.9 billion in consumer losses were tied to identity theft alone.
Just as troubling as the breaches themselves is what the investigation uncovered about the behavior of data brokers. The finding was that multiple companies were using technical code to high opt-out tools from search engines making it more difficult for consumers to have agency over their own data. Several of these companies only fixed the issue after congress stepped in.
This is precisely why case-by-case enforcement and voluntary compliance aren’t enough. There needs to be a renewed effort to rein in data brokers and this includes requiring data brokers to register annually with the FTC and give every consumer a clear and enforceable option to opt-out of data sales. Part of this includes stopping these companies from hiding these opt-out rights in multi-page privacy policies or hiding them from search engines. The $20.9 billion figure isn’t an abstraction, but the price of inaction on moving federal privacy policy.
;
