RETHINKING HEALTHCARE DATA BREACH LITIGATION
By Jay Edelson and Aaron Lawson1
In the wake of the Equifax data breach, the risk to consumer data is something that not only individuals are facing, but also companies dealing in that commodity. Maciej Ceglowski, a web developer and Silicon Valley-based entrepreneur, likens collections of personal data to radioactive waste: "easy to generate, easy to store in the short term, incredibly toxic, and almost impossible to dispose of."2 Bruce Schneier analogizes data to a "toxic asset."3 Ceglowski and Schneier both advocate for companies to limit the data they collect and store, if for no other reason than for companies to limit their own exposure to the fallout from data breaches, hacks, and other leaks of personal information.
Most firms, however, treat consumer data not as toxic but as beneficial: data generates value, and effort should be put into figuring out how best to wring profits from collected personal data.4 On some level, most consumers are aware of this. Thus, the maxim "if the product is free, that means you’re the product."5