How To Prevent Data Breaches

A data breach occurs when bad actors hack a company that handles sensitive information. The criminals may gain access to significant stores of personal information, often including bank data, credit card details, and identifying information such as Social Security numbers.

Last modified date: April 12, 2025

Having your information stolen in a data breach puts you at risk of identity theft, which can result in financial losses such as fraudulent bank transactions or new lines of credit opened in your name. Fortunately, there are steps you can take to prevent data breaches. You also have specific legal rights if your data has been compromised.

How To Avoid a Data Breach

Data breaches come in many forms and often strike out of the blue. Protecting yourself can feel like an impossible task, but using basic cybersecurity practices can help you stay safe and minimize the impact of a breach on your other accounts.

  • Create Strong, Unique Passwords: Always choose a completely new password when opening new online accounts. Passwords should be strong, using a combination of lowercase and uppercase letters, numbers, and symbols when possible. 
  • Enable Multi-Factor Authentication: MFA is critical for preventing data breaches. When you use MFA to authenticate your login attempts, hackers can’t gain access to your accounts without access to your cell phone or other device, even if they have your correct login information.
  • Recognize and Avoid Phishing Scams: “Phishing” occurs when scammers contact you pretending to be a legitimate company. Always check your emails or texts for incorrect email addresses, misspellings, and similar mistakes that can indicate phishing. If you suspect an email or text is a phishing scam, find the real website for the organization the scammers are potentially impersonating and use that information to contact customer service. 
  • Use Secure, Trusted Wi-Fi Networks: Use Wi-Fi networks that are trustworthy and password-protected whenever possible, and never send private information over a public network. Wi-Fi networks without password protection can give hackers easy access to your personal information.
  • Regularly Update Software and Hardware: Regularly updating your devices’ hardware and operating systems helps you protect yourself from data breaches. Older devices are at risk of data breaches because they receive fewer security updates, creating more vulnerabilities for hackers to exploit. 
  • Limit Access to Sensitive Information: Many websites and apps offer to save sensitive information, such as login information or credit card details, but saving your information in this manner places you at risk of identity theft.
  • Reduce Information Shared on Social Media: It’s easy to forget how much information bad actors can pull from your social media accounts. Make your accounts private and avoid posting personal information such as your name, birth date, or location.
  • Use Trusted Plugins and Software: Malware installed on your computer can access your personal files and send information to hackers. Never install programs you don’t recognize or that your computer flags as suspicious. Be careful about granting tech support services and other third parties access to your computer.
  • Don’t Visit Sites Without Secure URLs: Most websites use secure “https://” links and have security certificates that your browser processes before loading the page. If your browser flags a site’s security certificate as out of date or if a site seems suspicious, hit the back button and look for another site with the information you need.

Are Companies Legally Required To Protect Consumer Data?

Companies that collect customer data are legally required to inform customers about the information they collect and how they handle it. If a company collects your information, they have a legal duty to minimize its accessibility and protect it from data breaches.

Personally identifying information and sensitive personal information have different standards for data protection. Sensitive personal information, or SPI, includes data that can both identify a person and potentially harm them if released, making companies handling it subject to stricter regulations than personally identifying information, or PII. 

Companies that fail to adequately protect PII and SPI can be held legally liable under several different laws.

Consumer Data Protection Laws

In the United States, Federal Trade Commission regulations and the Health Insurance Portability and Accountability Act, or HIPAA, limit how personally identifiable health information may be collected and shared. The FTC is typically responsible for administering legal consequences after a breach.

Other laws, such as the European Union’s General Data Protection Regulation, or GDPR, and the California Consumer Privacy Act, or CCPA, also govern companies’ handling of consumer data. Companies operating outside these laws’ jurisdictions often try to comply with them to minimize service interruptions.

Businesses are legally obligated to collect as little sensitive information as possible from consumers to prevent harm by breaches. When handling sensitive information, businesses must maintain the highest possible degree of security and actively work to avoid breaches. The FTC’s guidelines for compliance with its Health Breach Notification rule cover how to proceed if sensitive consumer information is breached.

What To Do if a Data Breach Occurs

Take action quickly if your personal information is exposed in a data breach. To prevent the flow of stolen data, learn as much as possible about the breach, change your passwords, and set up tools like password managers and multi-factor authentication.

If you receive a data breach notification, it’s important to verify its authenticity before acting. Scammers may try to impersonate companies and trick you into sharing more personal information. If you’re unsure about the authenticity of a data breach notification, here’s how to spot a fake notification.

If your personal data has been compromised, following these steps can protect you from identity theft and other consequences of a breach.

What To Do if You Think Your Information Has Been Leaked

If you think your information has been leaked in a data breach, you must take additional steps to avoid the risk of financial fraud.

After changing any leaked passwords, monitor your bank accounts, credit cards, and other financial accounts and watch for fraudulent transactions. 

Fraudulent transactions after a data breach don’t always look like a single large, suspicious transaction. Someone who gains access to your information may commit many smaller acts of theft over time to avoid scrutiny.

Also, check your credit report for signs that another person is abusing your credit cards or opening new cards in your name. Placing a fraud alert on your credit report prevents new accounts from being opened under your name without the credit card company calling and identifying you personally.

Legal Rights of Data Breach Victims

As a data breach victim, you have the right to be notified of a breach when it occurs and the right to request that the breached company delete your personal information from its servers.

The breach must have resulted from negligence by the company that collected your data for you to qualify for compensation in a data breach claim. Determining if the breach was unavoidable and whether the company did everything possible to protect your personal information can impact whether you receive compensation. A data breach attorney can determine whether you have a strong claim.

Can You Seek Compensation After a Data Breach?

After a data breach, you can pursue compensation for your resulting damages, which include any legal fees you incurred because of the incident.

Damages include economic damages and non-economic damages. Economic damages cover the financial losses you incurred from the theft of your data, such as fraudulent credit card charges or bank withdrawals related to identity theft. 

Non-economic damages compensate you for lasting effects of the breach that don’t have specific financial value. If losing your information in a data breach left you with lasting psychological or emotional symptoms that disrupt your life, such as ongoing paranoia, depression, or similar conditions, you may be eligible to receive non-economic damages for emotional distress. While data breaches are always stressful, you must have a diagnosed condition to receive compensation for emotional distress.

A data breach lawyer will thoroughly assess your claim and help you determine the types of compensation that may be available to you.

How a Data Breach Lawyer Can Help You Seek Compensation

Taking proactive action to avoid data breaches is always in your best interest. However, these measures aren’t always enough to protect you from having your data stolen. Data breaches can result in significant financial losses and lasting emotional trauma. You have the right to protection from breaches, and impacted companies must mitigate the effects of a breach.

If you’ve become the victim of a data breach, you have options. Contact a data breach attorney to learn more about your legal rights. In some cases where a large group of people have been affected by the same breach, you may be able to start a class action suit or join an existing class action. At Class Action U, we can make sure you’re not leaving money on the table after a data breach. Reach out to us online today.
