{"id":13892,"date":"2022-09-20T18:35:00","date_gmt":"2022-09-20T22:35:00","guid":{"rendered":"https:\/\/18fbf770e8.nxcli.io\/?p=13892"},"modified":"2022-09-22T18:56:33","modified_gmt":"2022-09-22T22:56:33","slug":"lessons-to-learn-from-the-equifax-data-breach","status":"publish","type":"post","link":"https:\/\/www.napolilaw.com\/article\/lessons-to-learn-from-the-equifax-data-breach\/","title":{"rendered":"Lessons to learn from the Equifax data breach<\/strong>"},"content":{"rendered":"\n

In 2017, the Equifax data breach was experienced as one of the most damaging data breaches in history. Cybercriminals accessed a massive trove of data on 148 million Americans that contained personally-identifying information<\/a>, including 209,000 credit card numbers.<\/p>\n\n\n\n

\"a<\/figure>\n\n\n\n

The full impact of the Equifax data breach is still being calculated. Its massive scope highlights ways in which credit reporting agencies and other third parties use our personal data\u2014and the threat that poses to every American.<\/p>\n\n\n\n

Understanding the breach<\/strong><\/h3>\n\n\n\n

As companies have leaned into the technology that has helped them achieve their business goals, they haven\u2019t always been as diligent with cybersecurity as they should have been.<\/p>\n\n\n\n

Prior to the breach, Equifax had already conducted an internal audit<\/a> that showed its network was vulnerable. The first Equifax data breach occurred in 2016, resulting in the leak of more than 430,000 names, addresses, social security numbers, and other types of information.<\/p>\n\n\n\n

Still, when cybercriminals gained access to Equifax\u2019s data in 2017, many of its cybersecurity systems were out of date. That allowed the hackers to maintain access from May to June of 2017\u2014the second Equifax data breach\u2014without being detected.<\/p>\n\n\n\n

The constitutional right to privacy<\/strong><\/h3>\n\n\n\n

Companies that collect personally identifying information have an obligation under the US Constitution to safeguard that data effectively. Although there is no specific \u201crights to privacy amendment,\u201d you call the Bill of Rights the \u201crights to privacy constitution.\u201d In general, courts and legal scholars agree<\/a>.<\/p>\n\n\n\n

Legal right to privacy<\/strong><\/h3>\n\n\n\n

The most significant law that protects our right to privacy is the Privacy Act of 1974<\/a>, which has been updated periodically to address changes in the information marketplace. In essence, the law enshrines individuals\u2019 right to privacy and establishes duties that companies have when they collect, use, or share personal information.<\/p>\n\n\n\n

Based on the Privacy Act\u2019s protections, the FTC has published best practices<\/a> for businesses when they\u2019re in possession of consumer information.<\/p>\n\n\n\n