New York Attorney General Report Sheds Light on Massive Data Breach Crisis – But Consumers Can Do Little To Hold Corporations Accountable

With the ubiquitous use of credit cards, online purchases, and a myriad of other electronic transactions, American consumers can do little to prevent their personal and financial information from ending up on the Corporate Cloud. Instead, it’s up to the corporations to protect consumers’ information – but the almost daily reports of data breaches suggest that they are failing to take necessary precautions.

Last year, in New York alone, more than 7.3 million residents had their personal and financial records exposed through a data breach, costing the public and private sectors more than $1.37 billion. In that year, New York institutions experienced more than 900 data breaches, according to a report released by the New York Attorney General on Tuesday, and reported by the New York Times:

“What’s truly shocking about this report, beyond the fact that hacking is now the greatest threat to our personal information and costs us billions of dollars, is that many of these breaches could have been prevented,” Eric T. Schneiderman, the New York attorney general, said in a statement. “If millions of New Yorkers were exposed, one can only imagine how many have been compromised across the nation.”

State attorneys general, tasked with protecting consumers, have taken significant steps to hold the countless negligent corporations accountable, but the New York Attorney General’s report shows that consumers must also be able to enforce their privacy rights. Unfortunately, victims may find that they cannot hold the negligent corporation accountable in court because of aforced arbitration clause buried in its terms of service. And without any full enforcement of privacy laws, corporations have little incentive to protect consumers’ personal information.

Corporations use forced arbitration clauses to evade privacy laws because they allow the company to kick violated users out of court and instead funnel them into a rigged forum run by an arbitrator selected by the company. This arbitrator is not required to have any legal training and does not even have to follow the law.

Forced arbitration clauses also prevent users from joining forces in a class action, meaning that each consumer must take on the corporation (and its lawyers) alone.  And because arbitration is a secretive process, victims and the public will likely not be able to learn of the extent of the corporations’ negligence.

Americans’ are in dire need of effective enforcement of privacy laws, but the abusive use of forced arbitration eliminates the possibility of corporations ever having to fully answer for data breaches in court.