Data breaches play a major role in both identity theft and credit card fraud.
1,244 data breaches occurred in 2018 exposing almost 450-million records containing information that could identify an individual, as well as exposing over 1.68 billion other records such as email addresses and usernames.
The problem with all existing consumer privacy laws is that the consumer must opt-out. That puts the burden on the consumer to monitor how their private data is used or abused. “Opt-in” consumer privacy puts control of the consumer’s privacy back in the hands of the consumer.
It is a necessary part of businesses to collect and store data on its customers in order to serve their customers well. That’s not the issue. The issue is what happens to personal data entrusted to a business. When businesses sell small bits of a consumer’s information, all of these bits, called data points, are consolidated into large databases. These data points are then used to create a digital profile of a person down to the smallest detail. Facebook alone is said to have 52,000 data points on each of its users.
We need legislation establishing that a consumer’s personal data is the exclusive property of the consumer and as such would make it unlawful to sell a consumer’s data for profit without the consumer’s explicit consent.
The legislation would make opt-ins the default rather than opt-outs. In the process of asking the consumer to opt-in, the consumer shall be given the opportunity to correct any errors and choose specifically which personal data may be shared and which specific data points may not.
The legislation would also prohibit and nullify any default or automatic opt-ins or “right to sell your personal data” clauses in user agreements
The legislation would provide for the enforcement; provides civil penalties; and preempts home rule.