Data Privacy

What Is Data Privacy?

“Data privacy generally means the ability of a person to determine for themselves when, how, and to what extent personal information about them is shared with or communicated to others.” ⁽¹⁾

Why Is Data Privacy Important?

You have the right to decide who you share your personal information with — and how much you want to share. ^{(2) (3)}

Data privacy means businesses and governmental agencies must protect:

• Your personal information.
• The preservation of your personal autonomy.
• The trust you put in your health care systems and financial institutions.
• Your livelihood and daily living against fraud.

Data privacy also means businesses must comply with data privacy laws. Many state, federal, and international laws are in place to protect your privacy. ⁽⁴⁾ 

Unfortunately, hackers don’t need much information to scam you and others. Using “just a few key pieces of personally identifiable information (PII), like your name, driver’s license number, and Social Security number, an identity thief can begin accessing credit lines in your name, stealing your tax refund, or draining your bank account.” ⁽⁵⁾

Data Privacy vs. Data Security

Data privacy considers how your “personal data is collected, used, and shared.” Data security takes a close look at how your “data is protected.” ⁽⁶⁾

Businesses “must protect data with high value or sensitivity against hackers, competitors, and other unauthorized parties.” ⁽⁷⁾

Data security professionals come up with actual solutions to thwart hackers and cyber attackers. ⁽⁸⁾ Data security technologies include: ⁽⁹⁾

• Firewalls.
• Authentication and authorization.
• Encryption.
• Data masking.
• Hardware-based security.
• Data backup and resilience.
• Data erasure.

What Laws and Regulations Exist to Govern Data Privacy?

“Currently, privacy laws are a cluttered mess of different sectoral rules. … The United States doesn’t have a singular law that covers the privacy of all types of data. Instead, it has a mix of laws.” ⁽¹⁰⁾

• HIPAA — The Health Insurance Portability and Accountability Act covers communication between you and your doctors, hospitals, pharmacies, and insurers.
• FCRA — The Fair Credit Reporting Act “covers information in your credit report. It limits who is allowed to see” your credit report.
• FERPA — The Family Educational Rights and Privacy Act specifies who can request student education records. 
• GLBA — The Gramm-Leach-Bliley Act “requires consumer financial products … to explain how they share data, as well as the customer’s right to opt out.” 
• ECPA — The Electronic Communications Privacy Act “restricts government wiretaps.” 
• COPPA — The Children’s Online Privacy Protection Rule sets limits on the data a company can collect for children 13 years of age and younger.
• VPPA — The Video Privacy Protection Act “prevents the disclosure of VHS rental records.”
• FTC Act — The Federal Trade Commission Act “empowers the FTC to go after an app or website that violates its own privacy policy.” 
• CCPA — The California Consumer Privacy Act requires businesses and other organizations that collect consumer information to inform consumers how your personal data is collected. 
• GDPR — The General Data Protection Regulation specifies regulations in Europe. Regulations adopted in Europe often affect how big companies do business in the U.S. ⁽¹¹⁾

Types of Data Privacy

There is a variety of information that falls into this category. Different types of data privacy include:

• Personally identifiable information (PII).
• Personal health information (PHI).
• Mental health information.
• Personally identifiable financial information (PIFI).
• Student records.

“A single breach can have serious impacts: Individuals can suffer identity theft or blackmail, while companies risk financial costs along with damage to public, investor and customer trust.” ⁽¹²⁾

What Constitutes a Data Privacy Violation?

Businesses do not have a right to violate data privacy laws. You may be able to sue a company if it takes any of these actions, or inactions: ⁽¹³⁾

• Processes your personal data without consent.
• Prohibits you from opting out of having your personal data processed.
• Lets third parties access your customer data without adequate controls.
• Shares your data with third parties without adequately monitoring how that data is used.
• Stores your sensitive information in plain text.

Weitz & Luxenberg Has Experience in Data Privacy Litigation

Our data breach attorneys have worked on — and won — legal cases involving data privacy for our clients. Weitz & Luxenberg has class action lawsuits filed over these data privacy cases, among others:

• New York Presbyterian Hospital — This hospital wrongfully disclosed patient confidential personally identifiable information and protected health information to third parties.
• University of Rochester Medical Center — The university breached patient data privacy and failed to secure their information as part of its efforts to increase the medical center’s revenue.
• Practice Resources — W&L partner James Bilsborrow was appointed as Plaintiffs’ Interim Co-Lead Class Counsel for this litigation against this medical billing services provider that failed to protect the personal medical information of hundreds of thousands of people who had their data stolen.

Our attorneys have a history of winning data privacy cases. One such case was:

• Excellus Health Plan —  Our attorneys reached a settlement with Excellus and others in a class action suit involving a cyberattack, ultimately leading to a data breach.

Attorneys Dedicated to Combating Data Privacy Violations

Mr. Bilsborrow, as co-chair of our firm’s Consumer Protection group, has spearheaded a
number of W&L consumer class action initiatives.

“In this day and age, data privacy issues are a top concern for millions of people across the country. At Weitz & Luxenberg, we understand the enormous and far-reaching consequences of data privacy violations. Our team has dedicated ourselves to seeking just and appropriate compensation for victims of a failure to maintain data privacy,” says Mr. Bilsborrow.

Why Hire Weitz & Luxenberg for Your Data Privacy Case?

Weitz & Luxenberg aims to provide you with the best legal representation possible. W&L attorneys have:

• Won more than $19 billion on behalf of our clients.
• A track record of winning lawsuits against large corporations.
• Almost 40 years of experience helping clients harmed by the actions — and reckless inactions — of large companies.

For your protection, W&L recommends:

• Reviewing your credit card and bank account statements regularly.
• Monitoring your credit ranking to keep track of credit scores and other inquiries using your data.
• Maintaining some kind of credit monitoring protection for info such as your social security number and bank account information.

The good news is that federal, state, and local laws are on your side. Responsible companies should notify you in writing if they think your data may have been compromised. And Weitz & Luxenberg may be able to help when others can’t. Reach out to us today.