this post was submitted on 21 Sep 2024
53 points (100.0% liked)
US Law (local/state/federal)
46 readers
1 users here now
This is the only decentralized venue for chatter about law in the US. Federal law and law of various states and territories is on topic here.
Loosely related:
- [email protected] - covers UN-wide discussion on human rights
founded 3 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Would these data breaches count?
I’m not sure what data breaches you’re referring to. The data that makes it into the credit file is not generally due to a breach¹. Every “member” of a credit bureau is free to share info with the credit bureau. Those members (which are generally banks, insurance companies, creditors) usually put in their privacy policy some vague verbiage about sharing with credit bureaus.
If you mean breaches of the credit bureau, like what happened with Equifax, I don’t believe a US court would view the breach itself as quantifiable provable damage to every consumer. I think there would only be (court-recognized) damage if the data were actually exploited in a way that costs you money.
¹ Although I say unlawfully exfiltrated data would unlikely make it onto the credit report, I cannot know for certain precisely because the credit bureau conceals the info source. That’s the reason we would want the law enforced. If CRAs were to share the source info, we would be able to separate the sources we have agreements with from those we don’t, and possibly chase up the sources we did not authorize to investigate where the data came from, which very well could have a supply chain that leads to the black market, a ransom attack, etc.