"Numerous mechanical devices threaten to make good the prediction that 'what is whispered in the closet shall be proclaimed from the house-tops.'" A lawyer named Louis Brandeis wrote these words in 1890, in the first widely published article that suggested that people have a right to privacy. Brandeis later joined the Supreme Court, and with computerization and globalization, his prediction has come to pass.
Typically, the government does not have a right to tell people how to conduct their personal and private lives as long as they are obeying the law. To further and protect an individual's right of privacy, courts may require businesses to safeguard the individual information of their customers.
News reports reveal that many businesses have had customers' credit card information, Social Security numbers, and even medical histories stolen through online hacking and data breaches. In 2017 the credit bureau Equifax revealed that hackers had gained information to about 150 million customer accounts. Compromised information included birthdates, addresses, some driver's license numbers, and Social Security numbers. Class-action lawsuits that include plaintiffs in all 50 states are rare, but that is what Equifax faced after the breach. In 2018 Facebook faced a class-action complaint following a security flaw exploited by a hacker who stole account credentials of as many as 50 million users. The complaint alleged that Facebook's lack of proper security exposed users to an increased chance of identity theft. Meanwhile, a hack into Marriott's system, revealed in late 2018, affected 10 times as many people: personal data, including credit card information, phone numbers, and addresses, was stolen from 500 million Marriott customers. A class-action suit was undertaken on behalf of customers affected by the security breach.
Large and small businesses have been forced to take added security measures, such as encrypting customer data and limiting the number of employees who can see it. A business that does not do so can be found to have been negligent, found to have violated its customers' right to privacy, or both.
Damages associated with the loss of this information can be extensive. In addition, the violation of a customer's right to privacy may entitle the customer to compensation as well, in and of itself.
A business's failure to safeguard customers’ private information is considered negligent because the company has a duty to act reasonably, and it would be reasonable for a company to safeguard private information of customers. The failure to do this can cause significant exposure to the business in the event of a data breach. Fallout from data breaches can include lawsuits from customers whose identities have been stolen, the loss of consumer confidence, damage to the company's brand, and much more.
In term of who owns a person's private data, it is typically the person or company that inputs the data that is considered to own the rights to the data, regardless of how it was obtained. However, owning the data does not mean that the person or company can ignore individuals' privacy rights.