If you received a notification of a data breach, you need to know your options. This guide explains how to assess your legal remedies when you receive a notice about a breach of your personal information.
Understand the Incident
The notification letter should explain when the unauthorized access occurred and what type of information was accessed. Also, the letter should inform you about any misuse of your information. However, there is no way to be sure how the breach will personally affect you.
Activate Identity Monitoring
After a data breach, many companies offer complimentary identity monitoring. You should activate the free monitoring service and take advantage of any other protections offered by the company, such as identity theft insurance. However, if the company does not offer free monitoring or other protections, you should purchase an identity theft monitoring service.
Every state has a data breach notification law that requires covered entities to notify all individuals that are affected by a breach. The legal remedies offered by the state statutes can vary from state to state.
In Florida, there is the Florida Information Protection Act (“FIPA”). The FIPA law requires covered entities to give notice to individuals whose personal information was accessed in a breach. However, the statute does not allow for a private cause of action, so an affected consumer cannot sue for damages under the statute.
Although Florida does not offer statutory damages, if an affected individual suffers damages from a data breach, the individual can sue the company for negligence. To win a lawsuit, the plaintiff must prove the four elements of negligence:
- Duty of Care – the company had an obligation to exercise a reasonable level of care under the circumstances.
- Breach of Duty – the company must breach the duty for there to be an actionable claim for negligence.
- Causation – there must be a link to the company’s actions that caused the damage.
- Damages – there must be actual losses that was caused by the breach.
Under a negligence theory, a company may be liable because the FIPA law establishes a “duty of care” by requiring a covered entity to “take reasonable measures to protect and secure data in electronic form containing personal information.” If the company is liable for breaching its duty of care, then an affected individual may have a lawsuit for damages.
If you receive a breach notification, you may want to join a class action lawsuit. There is an advantage to joining a large group, and you don’t have to deal with the time and attention involved with filing an individual lawsuit.
There can be disadvantages to joining a class action, so make sure you make the right decision for your situation. By joining, you can lose the right to file an individual lawsuit. You will have to accept the settlement offer that the class representatives approve. Also, if you are a victim of identity theft, you may be eligible for more money than you would receive in a class action.
If you are a victim of a data breach, keep track of any expenses that you incur while you deal with the aftermath of the breach. Meanwhile, take the necessary steps to monitor your credit report.
You may need to contact an attorney if you have questions about a breach notice or if you accumulate damages, such as expenses related to identity theft. To assist data breach victims, Florida offers an online Identity Theft Victim Kit.